pypi
4,986 tracked vulnerabilities.
CVE-2026-33236
HIGH
NLTK <=3.9.3 Downloader XML Index - Arbitrary File Overwrite
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33231
HIGH
NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app
Mar 20, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33230
MEDIUM
nltk Vulnerable to Cross-site Scripting
Mar 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33155
HIGH
DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33154
HIGH
dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver
Mar 20, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33140
MEDIUM
PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
Mar 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33139
HIGH
PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution
Mar 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-33010
HIGH
mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33125
HIGH
Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts
Mar 20, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-33123
MEDIUM
pypdf has inefficient decoding of array-based streams
Mar 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33057
CRITICAL
NUCLEI
Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py
Mar 20, 2026
CVSS 9.8
EPSS 0.05
CVE-2026-33054
CRITICAL
Mesop: Path Traversal utilizing `FileStateSessionBackend` leads to Application Denial of Service and File Write/Deletion
Mar 20, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-33053
HIGH
Langflow has Missing Ownership Verification in API Key Deletion (IDOR)
Mar 20, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33017
CRITICAL
KEVNUCLEI
Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint
Mar 20, 2026
CVSS 9.8
EPSS 0.98
CVE-2026-32889
MEDIUM
tinytag: Denial of Service via non-terminating SYLT frame parsing loop
Mar 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32875
HIGH
UltraJSON 5.10-5.11.0 Indent Handling - Integer Overflow Denial of Service
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32874
HIGH
UltraJSON 5.4.0-5.11.0 - Large Integer Memory Leak Denial of Service
Mar 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32711
HIGH
pydicom: Path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root
Mar 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-27953
HIGH
ormar <0.23.1 Model Constructor - Pydantic Validation Bypass
Mar 19, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-3029
HIGH
PyMuPDF 1.26.5 - Path Traversal and Arbitrary File Write
Mar 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32722
LOW
Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Mar 18, 2026
CVSS 3.6
EPSS 0.00
CVE-2026-32634
HIGH
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
Mar 18, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32633
CRITICAL
Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`
Mar 18, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-32632
MEDIUM
Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding
Mar 18, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-32611
HIGH
Glances DuckDB Export - SQL Injection
Mar 18, 2026
CVSS 7.0
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters