pypi
4,707 tracked vulnerabilities.
CVE-2026-25211
LOW
llama-stack < 0.4.0rc3 - Sensitive Information Exposure in Initialization Log
Jan 30, 2026
CVSS 3.2
EPSS 0.00
CVE-2026-24780
HIGH
AutoGPT Platform < 0.6.44 - Authenticated Remote Code Execution via Disabled BlockInstallationBlock
Jan 29, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-24779
HIGH
vllm < 0.14.1 - Server-Side Request Forgery via MediaConnector URL Host Parsing Bypass
Jan 27, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-24747
HIGH
PyTorch < 2.10.0 - Remote Code Execution via Malicious Checkpoint File
Jan 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-24688
MEDIUM
pypdf < 6.6.2 - Denial of Service via Infinite Loop in Outline Processing
Jan 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-23892
MEDIUM
OctoPrint <1.11.5 - Info Disclosure
Jan 27, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-1213
MEDIUM
askbot <= 0.12.2 - Authenticated Profile Picture Modification
Jan 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24490
HIGH
Mobile Security Framework < 4.4.5 - Stored Cross-Site Scripting via Android Manifest Host Attribute
Jan 27, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-24489
MEDIUM
Gakido < 0.1.1 - HTTP Header Injection via CRLF Sequence
Jan 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-24486
HIGH
Python-Multipart <0.0.22 - Path Traversal
Jan 27, 2026
CVSS 8.6
EPSS 0.01
CVE-2026-24408
NONE
sigstore-python < 4.2.0 - Cross-Site Request Forgery in OAuth Authentication Flow
Jan 26, 2026
EPSS 0.00
CVE-2026-24123
HIGH
BentoML < 1.4.34 - Path Traversal via bentofile.yaml Configuration Fields
Jan 26, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-22696
CRITICAL
dcap-qvl < 0.3.9 - Improper Certificate Validation in QE Identity Collateral
Jan 26, 2026
EPSS 0.00
CVE-2026-0994
HIGH
Protobuf - Denial of Service via Recursion Depth Bypass in Any Message Parsing
Jan 23, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0770
CRITICAL
NUCLEI
Langflow validate exec_globals - Unauthenticated Root Code Execution
Jan 23, 2026
CVSS 9.8
EPSS 0.12
CVE-2026-24130
MEDIUM
Moonraker < 0.10.0 - LDAP Injection via Login Endpoint
Jan 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-1260
HIGH
Sentencepiece < 0.2.1 - Memory Corruption via Vulnerable Model File
Jan 22, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-24009
HIGH
docling-core 2.21.0-2.48.4 - Remote Code Execution via PyYAML Deserialization
Jan 22, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-24049
HIGH
wheel 0.40.0-0.46.1 - Arbitrary File Permission Modification via Malicious Wheel Archive
Jan 22, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-23946
MEDIUM
Tendenci <15.3.11 - Authenticated RCE
Jan 22, 2026
CVSS 6.8
EPSS 0.01
CVE-2026-23996
LOW
FastAPI Api Key <1.1.0 - Info Disclosure
Jan 21, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-23986
HIGH
copier < 9.11.2 - Arbitrary File Write via Symlink Following with _preserve_symlinks
Jan 21, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-23968
MEDIUM
copier < 9.11.2 - Arbitrary File Access via Symlink Following
Jan 21, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-22807
HIGH
vllm 0.10.1-0.13.0 - Remote Code Execution via Hugging Face auto_map Dynamic Module Loading
Jan 21, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-23949
HIGH
jaraco.context <6.1.0 - Path Traversal
Jan 20, 2026
CVSS 8.6
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21