pypi
4,986 tracked vulnerabilities.
CVE-2026-21887
HIGH
OpenCTI < 6.8.16 - Server-Side Request Forgery via Data Ingestion URL
Mar 12, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-3989
HIGH
SGLangs replay_request_dump.py - Deserialization
Mar 12, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-3060
CRITICAL
SGLang < 0.5.10 - Unauthenticated Remote Code Execution via Pickle Deserialization
Mar 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-3059
CRITICAL
SGLang Multimodal Module - Deserialization
Mar 12, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-32112
MEDIUM
ha-mcp < 7.0.0 - Stored Cross-Site Scripting via OAuth Consent Form
Mar 11, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-32111
MEDIUM
Home Assistant MCP Server < 7.0.0 - OAuth ha_url Server-Side Request Forgery
Mar 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32109
LOW
Copyparty < 1.20.12 - Stored Cross-Site Scripting via .prologue.html File Upload
Mar 11, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-32108
MEDIUM
Copyparty < 1.20.12 - Unauthenticated File Access via FTP/SFTP Share Bypass
Mar 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31958
HIGH
Tornado < 6.5.5 - Denial of Service via Multipart Form Data Parsing
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31826
MEDIUM
pypdf < 6.8.0 - Denial of Service via Large /Length Value in Content Stream
Mar 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-31815
MEDIUM
django-unicorn <0.67.0 - Auth Bypass
Mar 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-26118
HIGH
Azure MCP Server - Authenticated Server-Side Request Forgery
Mar 10, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-25960
HIGH
vLLM 0.15.1-0.17.0 - Server-Side Request Forgery via URL Parsing Inconsistency
Mar 09, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-0846
HIGH
nltk < 3.9.3 - Arbitrary File Read via filestring() Function
Mar 09, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25604
MEDIUM
apache-airflow-providers-amazon < 9.22.0 - Origin Validation Error in AWS Auth Manager
Mar 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-29787
MEDIUM
mcp-memory-service <10.21.0 - Info Disclosure
Mar 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-29780
MEDIUM
eml-parser < 2.0.1 - Path Traversal and Arbitrary File Write via Unsanitized Attachment Filename
Mar 07, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-29778
HIGH
pyLoad 0.5.0b3.dev13-0.5.0b3.dev96 - Path Traversal
Mar 07, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-30244
HIGH
Plane < 1.2.2 - Unauthenticated Sensitive Information Disclosure via Django REST Framework Permission Misconfiguration
Mar 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30242
HIGH
Plane < 1.2.3 - Authenticated Server-Side Request Forgery via Webhook URL Validation Bypass
Mar 06, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-29065
CRITICAL
changedetection.io <0.54.4 - Path Traversal
Mar 06, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-29039
HIGH
changedetection.io <0.54.4 - Info Disclosure
Mar 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-29038
MEDIUM
changedetection.io < 0.54.4 - Reflected Cross-Site Scripting via RSS Tag Endpoint
Mar 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28804
MEDIUM
pypdf < 6.7.5 - Denial of Service via ASCIIHexDecode Filter
Mar 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28802
CRITICAL
Authlib 1.6.5-1.6.6 - Improper Verification of Cryptographic Signature
Mar 06, 2026
CVSS 9.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters