pypi

4,986 tracked vulnerabilities.

CVE-2026-33236 HIGH
NLTK <=3.9.3 Downloader XML Index - Arbitrary File Overwrite
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33231 HIGH
NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app
Mar 20, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33230 MEDIUM
nltk Vulnerable to Cross-site Scripting
Mar 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33155 HIGH
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33154 HIGH
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
Mar 20, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33140 MEDIUM
PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
Mar 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33139 HIGH
PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution
Mar 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-33010 HIGH
mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33125 HIGH
Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts
Mar 20, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-33123 MEDIUM
pypdf has inefficient decoding of array-based streams
Mar 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33057 CRITICAL NUCLEI
Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py
Mar 20, 2026
CVSS 9.8
EPSS 0.05
CVE-2026-33054 CRITICAL
Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion
Mar 20, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-33053 HIGH
Langflow has Missing Ownership Verification in API Key Deletion (IDOR)
Mar 20, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33017 CRITICAL KEVNUCLEI
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
Mar 20, 2026
CVSS 9.8
EPSS 0.98
CVE-2026-32889 MEDIUM
tinytag: Denial of Service via non-terminating SYLT frame parsing loop
Mar 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32875 HIGH
UltraJSON 5.10-5.11.0 Indent Handling - Integer Overflow Denial of Service
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32874 HIGH
UltraJSON 5.4.0-5.11.0 - Large Integer Memory Leak Denial of Service
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32711 HIGH
pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root
Mar 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-27953 HIGH
ormar <0.23.1 Model Constructor - Pydantic Validation Bypass
Mar 19, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-3029 HIGH
PyMuPDF 1.26.5 - Path Traversal and Arbitrary File Write
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32722 LOW
Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Mar 18, 2026
CVSS 3.6
EPSS 0.00
CVE-2026-32634 HIGH
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
Mar 18, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32633 CRITICAL
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Mar 18, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-32632 MEDIUM
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
Mar 18, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-32611 HIGH
Glances DuckDB Export - SQL Injection
Mar 18, 2026
CVSS 7.0
EPSS 0.00