pypi
4,986 tracked vulnerabilities.
CVE-2026-33744
HIGH
BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
Mar 27, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-33718
HIGH
OpenHands is Vulnerable to Command Injection through its Git Diff Handler
Mar 27, 2026
CVSS 7.6
EPSS 0.02
CVE-2026-33699
HIGH
pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
Mar 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29071
LOW
Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
Mar 27, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-29070
MEDIUM
Open WebUI has unauthorized deletion of knowledge files
Mar 27, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28788
HIGH
Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite
Mar 27, 2026
CVSS 7.1
EPSS 0.03
CVE-2026-28786
MEDIUM
Open WebUI vulnerable to Path Traversal in `POST /api/v1/audio/transcriptions`
Mar 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27893
HIGH
vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out
Mar 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-33682
MEDIUM
Streamlit on Windows has Unauthenticated SSRF Vulnerability (NTLM Credential Exposure)
Mar 26, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-33545
MEDIUM
MobSF has SQL Injection in its SQLite Database Viewer Utils
Mar 26, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33430
HIGH
Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions
Mar 26, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-27602
HIGH
Modoboa <2.7.1 Domain Names - Authenticated OS Command Injection
Mar 25, 2026
CVSS 7.2
EPSS 0.01
CVE-2026-25645
MEDIUM
Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function
Mar 25, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-24159
HIGH
NVIDIA NeMo Framework < 2.6.2 - Remote Code Execution via Untrusted Data Deserialization
Mar 24, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-24157
HIGH
NVIDIA NeMo Framework < 2.6.2 - Remote Code Execution via Checkpoint Loading
Mar 24, 2026
CVSS 7.8
EPSS 0.01
CVE-2026-33509
HIGH
pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
Mar 24, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33332
HIGH
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion
Mar 24, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33314
MEDIUM
pyload-ng: Improper Authentication and Origin Validation Error
Mar 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33497
HIGH
Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading
Mar 24, 2026
CVSS 7.5
EPSS 0.08
CVE-2026-33484
HIGH
Langflow has Unauthenticated IDOR on Image Downloads
Mar 24, 2026
CVSS 7.5
EPSS 0.06
CVE-2026-33310
HIGH
Intake <2.0.9 Parameter Defaults - Command Injection
Mar 24, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33309
CRITICAL
Langflow 1.2.0-1.8.1 v2 File Upload - Arbitrary File Write
Mar 24, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-33046
HIGH
Indico < 3.3.12 - Remote Code Execution via LaTeX Sanitizer Bypass
Mar 23, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-26209
HIGH
cbor2 < 5.9.0 - Denial of Service via Deeply Nested CBOR Structures
Mar 23, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4539
LOW
pygments archetype.py AdlLexer redos
Mar 22, 2026
CVSS 3.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters