pypi
4,986 tracked vulnerabilities.
CVE-2026-35029
HIGH
NUCLEI
LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint
Apr 06, 2026
CVSS 8.8
EPSS 0.26
CVE-2026-34756
MEDIUM
vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
Apr 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34755
MEDIUM
vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
Apr 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34753
MEDIUM
vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `
Apr 06, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-34589
MEDIUM
OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write
Apr 06, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34588
HIGH
OpenEXR PIZ Decoder - Out-of-Bounds Read/Write
Apr 06, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-34444
CRITICAL
Lupa <=2.6 getattr and setattr - Sandbox Escape
Apr 06, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-33752
HIGH
Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)
Apr 06, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-5559
MEDIUM
AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine
Apr 05, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-34955
HIGH
PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox
Apr 04, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-34954
HIGH
PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL
Apr 03, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-34953
CRITICAL
PraisonAI: Authentication Bypass in OAuthManager.validate_token()
Apr 03, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34952
CRITICAL
PraisonAI: Missing Authentication in WebSocket Gateway
Apr 03, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34939
MEDIUM
PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
Apr 03, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34938
CRITICAL
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
Apr 03, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-34937
HIGH
PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
Apr 03, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-34936
HIGH
PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback
Apr 03, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-34935
CRITICAL
PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Apr 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-34934
CRITICAL
PraisonAI: Second-Order SQL Injection in `get_all_user_threads`
Apr 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-34824
HIGH
Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service
Apr 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34052
MEDIUM
LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)
Apr 03, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-33709
MEDIUM
JupyterHub <5.4.4 Login Flow - Open Redirect
Apr 03, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33175
HIGH
OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims
Apr 03, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-0545
CRITICAL
NUCLEI
Missing Authentication for Critical Function in mlflow/mlflow
Apr 03, 2026
CVSS 9.8
EPSS 0.04
CVE-2026-27124
MEDIUM
FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
Apr 03, 2026
CVSS 6.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters