pypi
4,979 tracked vulnerabilities.
CVE-2026-45106
MEDIUM
Weblate: Stored HTML injection in editor search preview
Jun 10, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-46497
LOW
SSRF via sitemap-derived URLs in Crawlee for Python
Jun 10, 2026
EPSS 0.00
CVE-2026-46517
HIGH
LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
Jun 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-46432
HIGH
LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
Jun 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-44716
HIGH
Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator
Jun 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46374
HIGH
SQLFluff: Uncontrolled Resource Consumption in Parser
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46373
HIGH
SQLFluff: Recursive Stack Overflow in Parser
Jun 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44541
HIGH
Fides fides.js - DOM-Based Cross-Site Scripting via fides_description
Jun 08, 2026
EPSS 0.00
CVE-2026-46486
MEDIUM
Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing
Jun 08, 2026
EPSS 0.00
CVE-2026-45409
MEDIUM
Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix
Jun 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-45758
CRITICAL
Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
Jun 05, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-47707
MEDIUM
Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification
Jun 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-47706
MEDIUM
Strawberry GraphQL 0.71.0-0.315.6 Fragments - Denial of Service
Jun 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-45739
LOW
Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
Jun 04, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-6657
HIGH
CORS Origin Validation Bypass in jupyter-server
Jun 03, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-7666
LOW
Potential unencrypted email transmission via STARTTLS in the SMTP backend
Jun 03, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-5241
CRITICAL
Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers
Jun 03, 2026
CVSS 9.6
EPSS 0.01
CVE-2026-44546
LOW
Header injection via WebSocket upgrade parser differential allows ASGI scope header spoofing
Jun 03, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-44545
MEDIUM
Unbounded WebSocket message and frame sizes can cause unauthenticated remote denial of service
Jun 03, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-4035
HIGH
MLflow < 3.11.0 - AI Gateway Secret Environment Variable Disclosure
Jun 03, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-10692
MEDIUM
johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos
Jun 03, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-47265
HIGH
AIOHTTP vulnerable to cross-origin redirect with per-request cookies
Jun 02, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-34993
MEDIUM
AIOHTTP Vulnerable to Deserialization of Untrusted Data
Jun 02, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-47117
CRITICAL
OpenMed < 1.5.2 Remote Code Execution via PII Model Loading
Jun 02, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-45554
MEDIUM
NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes
Jun 02, 2026
CVSS 5.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters