pypi

4,986 tracked vulnerabilities.

CVE-2026-34222 HIGH
Open WebUI has Broken Access Control in Tool Valves
Apr 01, 2026
CVSS 7.7
EPSS 0.05
CVE-2026-27489 HIGH
ONNX: Path Traversal via Symlink
Apr 01, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-34452 MEDIUM
Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape
Mar 31, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34450 MEDIUM
Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool
Mar 31, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-34400 CRITICAL
alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API
Mar 31, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-34203 LOW
Nautobot: Management of users via REST API does not apply configured password validators
Mar 31, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-34231 MEDIUM
Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag
Mar 31, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-34172 HIGH
Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment
Mar 31, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-0596 HIGH
Command Injection in mlflow/mlflow
Mar 31, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-34881 MEDIUM
OpenStack Glance <29.1.1, 30.x<30.1.1, 31.0.0 SSRF via Image Import URL Redirect
Mar 31, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-34073 MEDIUM
cryptography has incomplete DNS name constraint enforcement on peer names
Mar 31, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34070 HIGH
LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions
Mar 31, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-32727 HIGH
SciTokens: Authorization Bypass via Path Traversal in Scope Validation
Mar 31, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-32716 HIGH
SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking
Mar 31, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32714 CRITICAL
SciTokens vulnerable to SQL Injection in KeyCache
Mar 31, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-32794 MEDIUM
Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Mar 30, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-33992 MEDIUM
pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
Mar 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33936 MEDIUM
python-ecdsa: Denial of Service via improper DER length validation in crafted private keys
Mar 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33981 MEDIUM
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
Mar 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33980 HIGH
Azure Data Explorer MCP Server <=0.1.1 - KQL Injection
Mar 27, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-34046 HIGH
Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check
Mar 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33873 CRITICAL
Langflow has Authenticated Code Execution in Agentic Assistant Validation
Mar 27, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-33045 MEDIUM
Home Assistant has stored XSS in history-graphs
Mar 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-33044 MEDIUM
Home Assistant has stored XSS in Map-card through malicious device name
Mar 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-4963 MEDIUM
huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection
Mar 27, 2026
CVSS 6.3
EPSS 0.01