PyPI

4,707 tracked vulnerabilities.

CVE-2026-27645 MEDIUM NUCLEI
changedetection.io < 0.54.1 - Reflected Cross-Site Scripting via RSS Single-Watch UUID Parameter
Feb 25, 2026
CVSS 6.1
EPSS 0.01
CVE-2026-27641 CRITICAL
Flask-Reuploaded < 1.5.0 - Path Traversal
Feb 25, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-27628 HIGH
pypdf < 6.7.2 - Denial of Service via Infinite Loop
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27614 CRITICAL
Bugsink < 2.0.13 - Unauthenticated Stored Cross-Site Scripting via Pygments Line Handling
Feb 25, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-27156 MEDIUM
NiceGUI < 3.8.0 - Cross-Site Scripting via Element Method Execution
Feb 24, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27483 HIGH NUCLEI
MindsDB < 25.9.1.1 - Authenticated Path Traversal and Remote Command Execution via /api/files Upload
Feb 24, 2026
CVSS 8.8
EPSS 0.23
CVE-2026-23984 MEDIUM
Apache Superset < 6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23983 MEDIUM
Apache Superset < 6.0.0 - Authenticated Sensitive Data Exposure via Tag Endpoint
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23982 MEDIUM
Apache Superset < 6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23980 MEDIUM
Apache Superset < 6.0.0 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23969 MEDIUM
Apache Superset < 4.1.2 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26981 MEDIUM
OpenEXR 3.3.0-3.3.6/3.4.0-3.4.4 - Memory Corruption
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26331 HIGH
yt-dlp 2023.06.21-2026.02.21 - Command Injection
Feb 24, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-26198 CRITICAL
Ormar 0.9.9-0.22.0 - SQL Injection via Unsanitized Column Names in Aggregate Queries
Feb 24, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2970 MEDIUM
datapizza-ai 0.0.2 - Deserialization
Feb 23, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-2969 MEDIUM
datapizza-ai 0.0.2 - Code Injection
Feb 23, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-27482 MEDIUM
Ray < 2.54.0 - Unauthenticated Job Deletion via Dashboard DELETE Endpoint
Feb 21, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-27469 MEDIUM
Isso < 0.13.2 - Stored Cross-Site Scripting via Website and Author Comment Fields
Feb 21, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27205 MEDIUM
Flask < 3.1.3 - Use of Cache Containing Sensitive Information via Session Access
Feb 21, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27199 MEDIUM
Werkzeug < 3.1.6 - Denial of Service via Windows Device Name Path Handling
Feb 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27197 CRITICAL
Sentry 21.12.0-26.1.0 - Auth Bypass
Feb 21, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-27194 CRITICAL
D-Tale < 3.20.0 save-column-filter - Remote Code Execution
Feb 21, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-2635 CRITICAL
MLflow - Unauthenticated Authentication Bypass via Default Credentials in basic_auth.ini
Feb 20, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-2033 HIGH
MLflow Tracking Server - Path Traversal RCE
Feb 20, 2026
CVSS 8.1
EPSS 0.18
CVE-2026-27026 MEDIUM
pypdf < 6.7.1 - Denial of Service via Malformed FlateDecode Stream
Feb 20, 2026
CVSS 5.5
EPSS 0.00