pypi
4,707 tracked vulnerabilities.
CVE-2026-27025
MEDIUM
pypdf < 6.7.1 - Denial of Service via Malicious /ToUnicode Font Entry
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27024
MEDIUM
pypdf < 6.7.1 - Denial of Service via Infinite Loop in TreeObject Children Access
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-2472
HIGH
Google Cloud Vertex AI SDK 1.98.0-1.131.0 - XSS
Feb 20, 2026
EPSS 0.00
CVE-2026-25739
MEDIUM
Indico < 3.3.10 - Stored Cross-Site Scripting via Material File Upload
Feb 19, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-25738
MEDIUM
Indico < 3.3.10 - Server-Side Request Forgery via User-Provided URL
Feb 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24126
MEDIUM
Weblate <5.16.0 - Command Injection
Feb 19, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-24708
HIGH
OpenStack Nova <30.2.2 - Memory Corruption
Feb 18, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-2654
MEDIUM
huggingface smolagents 1.24.0 - SSRF
Feb 18, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-2415
MEDIUM
pretix 2026.1.0-2026.1.1 & 4.16.0-2026.1.1 - Info Disclosure & Dynamic Variable Evaluation via Email Templates
Feb 16, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-2531
MEDIUM
MindsDB < 25.14.1 - Server-Side Request Forgery via File Upload clear_filename Function
Feb 16, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-26217
HIGH
Crawl4AI < 0.8.0 - Unauthenticated Local File Inclusion via Docker API Endpoints
Feb 12, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-26216
CRITICAL
Crawl4AI < 0.8.0 - Unauthenticated Remote Code Execution via Docker API Hooks Parameter
Feb 12, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-1669
HIGH
Keras 3.0.0-3.13.1 - Arbitrary File Read via HDF5 External Dataset References
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25990
HIGH
Pillow 10.3.0-12.1.0 - Out-of-bounds Write via Crafted PSD Image
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26013
LOW
langchain-core < 1.2.11 - Server-Side Request Forgery via ChatOpenAI Image URL
Feb 10, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-26007
MEDIUM
cryptography < 46.0.5 - Insufficient Verification of Data Authenticity in Public Key Functions
Feb 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25577
HIGH
emmett-core < 1.3.11 - Unauthenticated Denial of Service via Malformed Cookie Header
Feb 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-21531
CRITICAL
Azure Conversation Authoring Client Library - Remote Code Execution via Untrusted Data Deserialization
Feb 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-25528
MEDIUM
LangSmith SDK - Server-Side Request Forgery via Baggage Header Injection
Feb 09, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-25480
MEDIUM
Litestar < 2.20.0 - Unauthenticated Cache Poisoning via FileStore Key Collision
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25479
MEDIUM
Litestar < 2.20.0 - Host Validation Bypass via Regex Metacharacter Injection
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25478
HIGH
Litestar < 2.20.0 - Permissive Cross-domain Security Policy via Unescaped Regex Metacharacters
Feb 09, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-24098
MEDIUM
Apache Airflow <3.1.7 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-22922
MEDIUM
Apache Airflow <3.1.6 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25905
MEDIUM
mcp-run-python - Improper Isolation via Pyodide API Access
Feb 09, 2026
CVSS 5.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21