pypi
4,707 tracked vulnerabilities.
CVE-2026-22608
HIGH
fickling < 0.1.7 - Remote Code Execution via Unblocked ctypes and pydoc Modules
Jan 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-22607
HIGH
fickling <= 0.1.6 - Incomplete List of Disallowed Inputs in cProfile Module Handling
Jan 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-22606
HIGH
fickling < 0.1.7 - Incomplete List of Disallowed Inputs in runpy Module Handling
Jan 10, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-22584
CRITICAL
Salesforce Uni2TS <= 1.2.0 - Code Injection via Executable Code in Non-Executable Files
Jan 09, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-21860
MEDIUM
Werkzeug < 3.1.5 - Path Traversal via Windows Device Name Bypass
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22041
MEDIUM
Logging Redactor <0.0.6 - Type Error
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21892
MEDIUM
Parsl < 2026.01.05 - Unauthenticated SQL Injection via Workflow ID Parameter
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21874
MEDIUM
NiceGUI 2.10.0-3.4.1 - Unauthenticated Resource Exhaustion via Redis Connection Leak
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21873
HIGH
NiceGUI 2.22.0-3.4.1 - Cross-Site Scripting via Pushstate Event Listener
Jan 08, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-21872
MEDIUM
NiceGUI 2.22.0-3.4.1 - Stored Cross-Site Scripting via Sub-Page Click Event Listener
Jan 08, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21871
MEDIUM
NiceGUI 2.13.0-3.4.1 - Cross-Site Scripting via History API Navigation Helpers
Jan 08, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21883
MEDIUM
Bokeh < 3.8.2 - WebSocket Hijacking via Flawed Origin Validation
Jan 08, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-21851
MEDIUM
MONAI <= 1.5.1 - Path Traversal via _download_from_ngc_private() Zip Slip
Jan 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21441
HIGH
urllib3 1.22-2.6.2 - Denial of Service via HTTP Redirect Response Decompression
Jan 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-21439
MEDIUM
badkeys < 0.0.16 - Terminal Output Injection via ANSI Escape Sequences
Jan 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21445
CRITICAL
NUCLEI
Langflow < 1.7.1 - Unauthenticated Sensitive Data Exposure and Destructive Operations via API Endpoints
Jan 02, 2026
CVSS 9.1
EPSS 0.12
CVE-2025-55449
HIGH
AstrBotDevs AstrBot 3.5.15 - Auth Bypass
May 08, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-61669
MEDIUM
jupyter_server next parameter open redirect can redirect users to external domains
May 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-67796
HIGH
IKUS Rdiffweb <2.10.5 - Privilege Escalation
May 04, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-13030
HIGH
django-mdeditor < 0.1.20 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload Endpoint
Apr 30, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-62373
CRITICAL
Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer
Apr 23, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-66335
MEDIUM
Apache Doris MCP Server: MCP SQL inject
Apr 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-54550
HIGH
Apache Airflow: RCE by race condition in example_xcom dag
Apr 15, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-66236
HIGH
Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI
Apr 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-57735
CRITICAL
Apache Airflow: Airflow Logout Not Invalidating JWT
Apr 09, 2026
CVSS 9.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21