pypi

4,986 tracked vulnerabilities.

CVE-2026-21887 HIGH
OpenCTI < 6.8.16 - Server-Side Request Forgery via Data Ingestion URL
Mar 12, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-3989 HIGH
SGLangs replay_request_dump.py - Deserialization
Mar 12, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-3060 CRITICAL
SGLang < 0.5.10 - Unauthenticated Remote Code Execution via Pickle Deserialization
Mar 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-3059 CRITICAL
SGLang Multimodal Module - Deserialization
Mar 12, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-32112 MEDIUM
ha-mcp < 7.0.0 - Stored Cross-Site Scripting via OAuth Consent Form
Mar 11, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-32111 MEDIUM
Home Assistant MCP Server < 7.0.0 - OAuth ha_url Server-Side Request Forgery
Mar 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32109 LOW
Copyparty < 1.20.12 - Stored Cross-Site Scripting via .prologue.html File Upload
Mar 11, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-32108 MEDIUM
Copyparty < 1.20.12 - Unauthenticated File Access via FTP/SFTP Share Bypass
Mar 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31958 HIGH
Tornado < 6.5.5 - Denial of Service via Multipart Form Data Parsing
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31826 MEDIUM
pypdf < 6.8.0 - Denial of Service via Large /Length Value in Content Stream
Mar 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-31815 MEDIUM
django-unicorn <0.67.0 - Auth Bypass
Mar 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-26118 HIGH
Azure MCP Server - Authenticated Server-Side Request Forgery
Mar 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-25960 HIGH
vLLM 0.15.1-0.17.0 - Server-Side Request Forgery via URL Parsing Inconsistency
Mar 09, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-0846 HIGH
nltk < 3.9.3 - Arbitrary File Read via filestring() Function
Mar 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25604 MEDIUM
apache-airflow-providers-amazon < 9.22.0 - Origin Validation Error in AWS Auth Manager
Mar 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-29787 MEDIUM
mcp-memory-service <10.21.0 - Info Disclosure
Mar 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-29780 MEDIUM
eml-parser < 2.0.1 - Path Traversal and Arbitrary File Write via Unsanitized Attachment Filename
Mar 07, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-29778 HIGH
pyLoad 0.5.0b3.dev13-0.5.0b3.dev96 - Path Traversal
Mar 07, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-30244 HIGH
Plane < 1.2.2 - Unauthenticated Sensitive Information Disclosure via Django REST Framework Permission Misconfiguration
Mar 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30242 HIGH
Plane < 1.2.3 - Authenticated Server-Side Request Forgery via Webhook URL Validation Bypass
Mar 06, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-29065 CRITICAL
changedetection.io <0.54.4 - Path Traversal
Mar 06, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-29039 HIGH
changedetection.io <0.54.4 - Info Disclosure
Mar 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29038 MEDIUM
changedetection.io < 0.54.4 - Reflected Cross-Site Scripting via RSS Tag Endpoint
Mar 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28804 MEDIUM
pypdf < 6.7.5 - Denial of Service via ASCIIHexDecode Filter
Mar 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28802 CRITICAL
Authlib 1.6.5-1.6.6 - Improper Verification of Cryptographic Signature
Mar 06, 2026
CVSS 9.8
EPSS 0.00