pypi

4,986 tracked vulnerabilities.

CVE-2026-32610 HIGH
Glances's Default CORS Configuration Allows Cross-Origin Credential Theft
Mar 18, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32609 HIGH
Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials
Mar 18, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32608 HIGH
Glances <4.5.2 Action Templates - Command Injection
Mar 18, 2026
CVSS 7.0
EPSS 0.00
CVE-2026-32596 HIGH NUCLEI
Glances exposes the REST API without authentication
Mar 18, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-30922 HIGH
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
Mar 18, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28500 HIGH
ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
Mar 18, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-27459 CRITICAL
pyOpenSSL DTLS cookie callback buffer overflow
Mar 18, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-27448 MEDIUM
pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
Mar 18, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32981 HIGH
Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure
Mar 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-30911 HIGH
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Mar 17, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28779 HIGH
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
Mar 17, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28563 MEDIUM
Apache Airflow: DAG authorization bypass
Mar 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26929 MEDIUM
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
Mar 17, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-4269 HIGH
Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
Mar 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28498 HIGH
Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
Mar 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28490 MEDIUM
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Mar 16, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27962 CRITICAL
Authlib JWS JWK Header Injection: Signature Verification Bypass
Mar 16, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-4270 MEDIUM
AWS API MCP Server 0.2.14-1.3.8 - File Access Restriction Bypass
Mar 16, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-4229 HIGH
vanna-ai vanna bigquery_vector.py remove_training_data sql injection
Mar 16, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-32640 CRITICAL
(SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.
Mar 16, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-32597 HIGH
PyJWT < 2.12.0 - Insufficient Verification of Data Authenticity via crit Header Parameter
Mar 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31899 HIGH
CairoSVG < 2.9.0 - Denial of Service via Recursive <use> Element Amplification
Mar 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32274 HIGH
Black < 26.3.1 - Path Traversal via --python-cell-magics Option
Mar 12, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-32247 HIGH
graphiti-core < 0.28.2 - Cypher Injection via SearchFilters.node_labels
Mar 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32116 HIGH
Magic Wormhole 0.21.0-0.22.9 - Path Traversal
Mar 12, 2026
CVSS 8.1
EPSS 0.00