pypi
4,986 tracked vulnerabilities.
CVE-2026-34222
HIGH
Open WebUI has Broken Access Control in Tool Valves
Apr 01, 2026
CVSS 7.7
EPSS 0.05
CVE-2026-27489
HIGH
ONNX: Path Traversal via Symlink
Apr 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34452
MEDIUM
Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
Mar 31, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34450
MEDIUM
Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool
Mar 31, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-34400
CRITICAL
alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Mar 31, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-34203
LOW
Nautobot: Management of users via REST API does not apply configured password validators
Mar 31, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-34231
MEDIUM
Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag
Mar 31, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-34172
HIGH
Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment
Mar 31, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-0596
HIGH
Command Injection in mlflow/mlflow
Mar 31, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-34881
MEDIUM
OpenStack Glance <29.1.1, 30.x<30.1.1, 31.0.0 SSRF via Image Import URL Redirect
Mar 31, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34073
MEDIUM
cryptography has incomplete DNS name constraint enforcement on peer names
Mar 31, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34070
HIGH
LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions
Mar 31, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-32727
HIGH
SciTokens: Authorization Bypass via Path Traversal in Scope Validation
Mar 31, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-32716
HIGH
SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking
Mar 31, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32714
CRITICAL
SciTokens vulnerable to SQL Injection in KeyCache
Mar 31, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-32794
MEDIUM
Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Mar 30, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-33992
MEDIUM
pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
Mar 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33936
MEDIUM
python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Mar 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33981
MEDIUM
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
Mar 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33980
HIGH
Azure Data Explorer MCP Server <=0.1.1 - KQL Injection
Mar 27, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-34046
HIGH
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
Mar 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33873
CRITICAL
Langflow has Authenticated Code Execution in Agentic Assistant Validation
Mar 27, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-33045
MEDIUM
Home Assistant has stored XSS in history-graphs
Mar 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-33044
MEDIUM
Home Assistant has stored XSS in Map-card through malicious device name
Mar 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-4963
MEDIUM
huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection
Mar 27, 2026
CVSS 6.3
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters