pypi

4,979 tracked vulnerabilities.

CVE-2026-45106 MEDIUM
Weblate: Stored HTML injection in editor search preview
Jun 10, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-46497 LOW
SSRF via sitemap-derived URLs in Crawlee for Python
Jun 10, 2026
EPSS 0.00
CVE-2026-46517 HIGH
LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
Jun 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-46432 HIGH
LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
Jun 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-44716 HIGH
Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator
Jun 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46374 HIGH
SQLFluff: Uncontrolled Resource Consumption in Parser
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46373 HIGH
SQLFluff: Recursive Stack Overflow in Parser
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44541 HIGH
Fides fides.js - DOM-Based Cross-Site Scripting via fides_description
Jun 08, 2026
EPSS 0.00
CVE-2026-46486 MEDIUM
Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing
Jun 08, 2026
EPSS 0.00
CVE-2026-45409 MEDIUM
Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
Jun 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-45758 CRITICAL
Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
Jun 05, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-47707 MEDIUM
Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification
Jun 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-47706 MEDIUM
Strawberry GraphQL 0.71.0-0.315.6 Fragments - Denial of Service
Jun 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-45739 LOW
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Jun 04, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-6657 HIGH
CORS Origin Validation Bypass in jupyter-server
Jun 03, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-7666 LOW
Potential unencrypted email transmission via STARTTLS in the SMTP backend
Jun 03, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-5241 CRITICAL
Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers
Jun 03, 2026
CVSS 9.6
EPSS 0.01
CVE-2026-44546 LOW
Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing
Jun 03, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-44545 MEDIUM
Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service
Jun 03, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-4035 HIGH
MLflow < 3.11.0 - AI Gateway Secret Environment Variable Disclosure
Jun 03, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-10692 MEDIUM
johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos
Jun 03, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-47265 HIGH
AIOHTTP vulnerable to cross-origin redirect with per-request cookies
Jun 02, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34993 MEDIUM
AIOHTTP Vulnerable to Deserialization of Untrusted Data
Jun 02, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-47117 CRITICAL
OpenMed < 1.5.2 Remote Code Execution via PII Model Loading
Jun 02, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-45554 MEDIUM
NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes
Jun 02, 2026
CVSS 5.3
EPSS 0.00