pypi
4,707 tracked vulnerabilities.
CVE-2026-22219
HIGH
chainlit < 2.9.4 - Authenticated Server-Side Request Forgery via Project Element Update
Jan 20, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-23877
MEDIUM
Swing Music < 2.1.4 - Path Traversal
Jan 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-23842
HIGH
ChatterBot < 1.2.11 - Denial of Service via SQLAlchemy Connection Pool Exhaustion
Jan 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-23833
HIGH
ESPHome 2025.9.0-2025.12.6 - Unauthenticated Denial of Service via API Protobuf Decoder Integer Overflow
Jan 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-23535
HIGH
wlc < 1.17.2 - Path Traversal via Multi-Translation Download
Jan 16, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-23490
HIGH
pyasn1 < 0.6.2 - Denial of Service via Malformed RELATIVE-OID
Jan 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-23528
MEDIUM
Dask distributed < 2026.1.0 - Cross-Site Scripting via Jupyter Lab Dashboard Proxy
Jan 16, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-0897
HIGH
Keras 3.0.0-3.13.0 - Denial of Service via HDF5 Weight Loading
Jan 15, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22779
MEDIUM
BlackSheep < 2.4.6 - HTTP Request/Response Splitting via CRLF Injection
Jan 14, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21889
HIGH
Weblate < 5.15.2 - Unauthenticated Screenshot Access via Direct HTTP Request
Jan 14, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22871
CRITICAL
GuardDog < 2.7.1 - Path Traversal and Arbitrary File Overwrite via safe_extract()
Jan 13, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-22870
HIGH
datadoghq/guarddog < 2.7.1 - Denial of Service via ZIP Bomb Extraction
Jan 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-21226
HIGH
Azure Core Shared Client Library for Python < 1.38.0 - Remote Code Execution via Untrusted Data Deserialization
Jan 13, 2026
CVSS 7.5
EPSS 0.03
CVE-2026-22798
MEDIUM
hermes 0.8.1-<0.9.1 - Sensitive Information Disclosure in Log Files via -O Argument
Jan 12, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-22251
MEDIUM
wlc < 1.17.0 - Exposure of Sensitive Information via Unscoped API Key
Jan 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22250
LOW
wlc < 1.17.0 - Improper Certificate Validation
Jan 12, 2026
CVSS 2.5
EPSS 0.00
CVE-2026-22033
MEDIUM
Label Studio < 1.22.0 - Stored Cross-Site Scripting via Custom Hotkeys
Jan 12, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-22777
HIGH
ComfyUI-Manager < 3.39.2, < 4.0.5 - Code Injection
Jan 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-22773
MEDIUM
vLLM 0.6.4-0.11.9 - Denial of Service via Malformed 1x1 Pixel Image
Jan 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-22702
MEDIUM
virtualenv < 20.36.1 - Symlink Race Condition via Directory Creation
Jan 10, 2026
CVSS 4.5
EPSS 0.00
CVE-2026-22701
MEDIUM
filelock < 3.20.3 - TOCTOU Race Condition in SoftFileLock _acquire Method
Jan 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22691
MEDIUM
pypdf < 6.6.0 - Denial of Service via Malformed startxref Processing
Jan 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22690
MEDIUM
pypdf < 6.6.0 - Uncontrolled Resource Consumption via Missing /Root Object
Jan 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22612
HIGH
fickling < 0.1.7 - Detection Bypass via Builtins Blindness
Jan 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-22609
HIGH
fickling < 0.1.7 - Incomplete List of Disallowed Inputs in unsafe_imports()
Jan 10, 2026
CVSS 7.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21