pypi
4,986 tracked vulnerabilities.
CVE-2026-5463
HIGH
pymetasploit3 < 1.0.6 - Command Injection via Newline in Module Options
Apr 03, 2026
CVSS 8.6
EPSS 0.02
CVE-2026-35536
HIGH
Tornado <6.5.5 - Cookie Attribute Injection
Apr 03, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-34730
MEDIUM
Copier `_external_data` allows path traversal and absolute-path local file read without unsafe mode
Apr 02, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-34726
MEDIUM
Copier `_subdirectory` allows template root escape via parent-directory traversal
Apr 02, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-34591
MEDIUM
Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write
Apr 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35002
CRITICAL
Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution
Apr 02, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-33641
HIGH
Glances Vulnerable to Command Injection via Dynamic Configuration Values
Apr 02, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-33533
MEDIUM
Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard
Apr 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32871
CRITICAL
FastMCP <3.2.0 OpenAPIProvider - Server-Side Request Forgery
Apr 02, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-34544
HIGH
OpenEXR: integer overflow to OOB write in uncompress_b44_impl()
Apr 01, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-34543
HIGH
OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34531
MEDIUM
Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client
Apr 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34525
MEDIUM
AIOHTTP: Duplicate Host header accepted
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34520
CRITICAL
AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass
Apr 01, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-34519
MEDIUM
AIOHTTP: HTTP response splitting via \r in reason phrase
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34518
MEDIUM
AIOHTTP: Cookie and Proxy-Authorization headers leaked on cross-origin redirect
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34517
MEDIUM
AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34516
HIGH
AIOHTTP: Multipart Header Size Bypass
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34515
HIGH
AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34514
MEDIUM
AIOHTTP: CRLF injection in multipart part content type header construction
Apr 01, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34513
HIGH
AIOHTTP: Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22815
HIGH
AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers
Apr 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34447
MEDIUM
ONNX: External Data Symlink Traversal
Apr 01, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-34446
MEDIUM
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Apr 01, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-34445
HIGH
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
Apr 01, 2026
CVSS 8.6
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters