pypi
4,707 tracked vulnerabilities.
CVE-2025-64340
MEDIUM
FastMCP <3.2.0 Gemini CLI Install - Command Injection
Apr 03, 2026
CVSS 6.7
EPSS 0.00
CVE-2025-15379
CRITICAL
Command Injection in mlflow/mlflow
Mar 30, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-15036
CRITICAL
Path Traversal Vulnerability in mlflow/mlflow
Mar 30, 2026
CVSS 10.0
EPSS 0.00
CVE-2025-15381
HIGH
Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow
Mar 27, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-70887
HIGH
Signify <0.9.2 - Privilege Escalation
Mar 25, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-15031
HIGH
Path Traversal Vulnerability in mlflow/mlflow
Mar 18, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-69196
MEDIUM
FastMCP OAuth Proxy token reuse across MCP servers
Mar 16, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-14287
HIGH
mlflow/mlflow <3.7.0 - Command Injection
Mar 16, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-69219
HIGH
apache-airflow-providers-http < 6.0.0 - Authenticated Remote Code Execution via Crafted Database Entry
Mar 09, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-45691
HIGH
RAGAS 0.2.3-0.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-69534
HIGH
Python-Markdown < 3.8.1 - Unauthenticated Denial of Service via Malformed HTML-like Sequence
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-27555
MEDIUM
Apache Airflow < 2.11.1 - Authenticated Sensitive Information Exposure in Audit Logs
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-65995
MEDIUM
Airflow <3.1.4/2.11.1 - Info Disclosure
Feb 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-14009
CRITICAL
nltk < 3.9.3 - Remote Code Execution via Malicious Zip Package Extraction
Feb 18, 2026
CVSS 10.0
EPSS 0.01
CVE-2025-33253
HIGH
NVIDIA NeMo Framework <=2.6.1 - Malicious File Deserialization Remote Code Execution
Feb 18, 2026
CVSS 7.8
EPSS 0.00
CVE-2025-33245
HIGH
NVIDIA NeMo Framework <=2.6.1 - Malicious Data Deserialization Remote Code Execution
Feb 18, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-69872
CRITICAL
DiskCache <= 5.6.3 - Remote Code Execution via Pickle Deserialization
Feb 11, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-64712
CRITICAL
unstructured < 0.18.18 - Path Traversal and Arbitrary File Write via MSG Attachment Processing
Feb 04, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-70560
HIGH
Boltz 2.0.0 - Remote Code Execution via Insecure Pickle Deserialization
Feb 03, 2026
CVSS 8.4
EPSS 0.00
CVE-2025-70559
MEDIUM
pdfminer.six < 20251230 - Remote Code Execution via Insecure CMap Cache Deserialization
Feb 03, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-14550
HIGH
Django 4.2-4.2.27, 5.2-5.2.10, 6.0-6.0.1 - Denial of Service via Duplicate ASGI Headers
Feb 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-13473
MEDIUM
Django <6.0.2-4.2.28 - Info Disclosure
Feb 03, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-69207
MEDIUM
khoj < 2.0.0-beta.23 - Unauthenticated IDOR via Notion OAuth Callback State Parameter
Feb 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-6208
MEDIUM
Llama Index <0.12.23 - Memory Corruption
Feb 02, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-10279
HIGH
mlflow < 3.4.0 - Arbitrary Code Execution via Insecure Temporary Directory Permissions
Feb 02, 2026
CVSS 7.0
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21