pypi
4,986 tracked vulnerabilities.
CVE-2026-32610
HIGH
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Mar 18, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32609
HIGH
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
Mar 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32608
HIGH
Glances <4.5.2 Action Templates - Command Injection
Mar 18, 2026
CVSS 7.0
EPSS 0.00
CVE-2026-32596
HIGH
NUCLEI
Glances exposes the REST API without authentication
Mar 18, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-30922
HIGH
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
Mar 18, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28500
HIGH
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
Mar 18, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-27459
CRITICAL
pyOpenSSL DTLS cookie callback buffer overflow
Mar 18, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-27448
MEDIUM
pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Mar 18, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32981
HIGH
Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure
Mar 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-30911
HIGH
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Mar 17, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28779
HIGH
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
Mar 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28563
MEDIUM
Apache Airflow: DAG authorization bypass
Mar 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26929
MEDIUM
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
Mar 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-4269
HIGH
Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
Mar 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28498
HIGH
Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
Mar 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28490
MEDIUM
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Mar 16, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27962
CRITICAL
Authlib JWS JWK Header Injection: Signature Verification Bypass
Mar 16, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-4270
MEDIUM
AWS API MCP Server 0.2.14-1.3.8 - File Access Restriction Bypass
Mar 16, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-4229
HIGH
vanna-ai vanna bigquery_vector.py remove_training_data sql injection
Mar 16, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-32640
CRITICAL
(SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.
Mar 16, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-32597
HIGH
PyJWT < 2.12.0 - Insufficient Verification of Data Authenticity via crit Header Parameter
Mar 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31899
HIGH
CairoSVG < 2.9.0 - Denial of Service via Recursive <use> Element Amplification
Mar 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32274
HIGH
Black < 26.3.1 - Path Traversal via --python-cell-magics Option
Mar 12, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-32247
HIGH
graphiti-core < 0.28.2 - Cypher Injection via SearchFilters.node_labels
Mar 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32116
HIGH
Magic Wormhole 0.21.0-0.22.9 - Path Traversal
Mar 12, 2026
CVSS 8.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters