pypi
4,707 tracked vulnerabilities.
CVE-2026-25904
MEDIUM
mcp-run-python - Server-Side Request Forgery via Deno Sandbox Configuration
Feb 09, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-25732
HIGH
NiceGUI < 3.7.0 - Path Traversal via FileUpload.name Property
Feb 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-25516
MEDIUM
NiceGUI < 3.7.0 - Stored Cross-Site Scripting via ui.markdown() Component
Feb 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25632
CRITICAL
EPyT-Flow < 0.16.1 - Remote Code Execution via Untrusted JSON Deserialization
Feb 06, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-25592
CRITICAL
Microsoft.SemanticKernel.Core < 1.71.0 - Arbitrary File Write via SessionsPythonPlugin
Feb 06, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-25580
HIGH
Pydantic AI 0.0.26-1.56.0 - Server-Side Request Forgery via URL Download Functionality
Feb 06, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-25640
HIGH
Pydantic AI 1.34.0-1.51.0 - Cross-Site Scripting via Unvalidated CDN URL Parameter
Feb 06, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-1709
CRITICAL
Keylime >=7.12.0 <7.12.2 - Unauthenticated Administrative Operations via TLS Authentication Bypass
Feb 06, 2026
CVSS 9.4
EPSS 0.00
CVE-2026-25650
HIGH
mcp-salesforce-connector < 0.1.10 - Exposure of Sensitive Information via Arbitrary Attribute Access
Feb 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-1707
HIGH
pgAdmin 9.11 - Privilege Escalation
Feb 05, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-25198
MEDIUM
web2py <= 2.27.1-stable+timestamp.2023.11.16.08.03.57 - Open Redirect via Crafted URL
Feb 05, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-25517
LOW
Wagtail < 6.3.6 - Missing Authorization in Preview Endpoints
Feb 04, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-25505
CRITICAL
bambuddy < 0.1.7 - Unauthenticated Use of Hard-coded Cryptographic Key
Feb 04, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-25481
CRITICAL
langroid < 0.59.32 - Remote Code Execution via Pandas Eval Bypass
Feb 04, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-1312
MEDIUM
Django 4.2-4.2.27, 5.2-5.2.10, 6.0-6.0.1 - SQL Injection via QuerySet.order_by() with FilteredRelation
Feb 03, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-1287
MEDIUM
Django 4.2-4.2.27, 5.2-5.2.10, 6.0-6.0.1 - SQL Injection via FilteredRelation Column Aliases
Feb 03, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-1285
HIGH
Django 4.2-4.2.27, 5.2-5.2.10, 6.0-6.0.1 - Denial of Service via Unmatched HTML End Tags
Feb 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-1207
MEDIUM
NUCLEI
Django 4.2-4.2.27, 5.2-5.2.10, 6.0-6.0.1 - SQL Injection via RasterField Band Index Parameter
Feb 03, 2026
CVSS 5.4
EPSS 0.06
CVE-2026-22778
CRITICAL
vLLM 0.8.3-0.14.0 - Information Disclosure via Multimodal Endpoint Error Handling
Feb 02, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-1778
MEDIUM
Amazon SageMaker <v3.1.1,v2.256.0 - Info Disclosure
Feb 02, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-1777
HIGH
Amazon SageMaker Python SDK <v3.2.0,v2.256.0 - Info Disclosure
Feb 02, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-1703
LOW
pip < 26.0 - Path Traversal via Maliciously Crafted Wheel Archive
Feb 02, 2026
EPSS 0.00
CVE-2026-0599
HIGH
huggingface/text-generation-inference < 3.3.7 - Unauthenticated Resource Exhaustion via Markdown Image Link Fetching
Feb 02, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-1117
HIGH
parisneo/lollms < 2.0.0 - Unauthenticated Improper Access Control in Socket.IO Event Handlers
Feb 02, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-25130
CRITICAL
CAI Framework <= 0.5.10 - Remote Code Execution via Argument Injection in find_file Tool
Jan 30, 2026
CVSS 9.6
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21