pypi

4,986 tracked vulnerabilities.

CVE-2026-28795 CRITICAL
OpenChatBI < 0.2.2 - Path Traversal via File Format Parameter
Mar 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28438 CRITICAL
CocoIndex < 0.3.34 - SQL Injection via Doris Target Connector Table Name
Mar 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28681 HIGH
IRRd 4.4.0-4.4.4/4.5.0 - Open Redirect
Mar 06, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28413 MEDIUM
Products.isurlinportal <4.0.0 - Open Redirect
Mar 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28277 MEDIUM
LangGraph SQLite Checkpoint <=1.0.9 - Deserialization
Mar 05, 2026
CVSS 6.8
EPSS 0.05
CVE-2026-25048 HIGH
xgrammar <0.1.32 - Memory Corruption
Mar 05, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-27982 MEDIUM
django-allauth <65.14.1 - Open Redirect
Mar 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-0847 HIGH
nltk <= 3.9.2 - Path Traversal in CorpusReader Classes
Mar 04, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-27932 HIGH
joserfc < 1.6.3 - Unauthenticated Denial of Service via PBES2 Count Parameter
Mar 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27905 HIGH
BentoML < 1.4.36 - Arbitrary File Write via Symlink Target Bypass
Mar 03, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-27622 HIGH
OpenEXR < 3.2.6 - Out-of-bounds Write in CompositeDeepScanLine::readPixels
Mar 03, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-28518 HIGH
OpenViking <=0.2.1 - Path Traversal
Mar 03, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-25674 LOW
Django 6.0-6.0.2,5.2-5.2.11,4.2-4.2.28 - Privilege Escalation
Mar 03, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-25673 HIGH
Django 6.0-6.0.2/5.2-5.2.11/4.2-4.2.28 - DoS
Mar 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-2256 MEDIUM
ModelScope ms-agent <v1.6.0rc1 - Command Injection
Mar 02, 2026
CVSS 6.5
EPSS 0.02
CVE-2026-3408 MEDIUM
Open Babel <=3.1.1 - Memory Corruption
Mar 02, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-28416 HIGH
Gradio < 6.6.0 - Server-Side Request Forgery via Malicious Space Proxy URL
Feb 27, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-28415 MEDIUM
Gradio < 6.6.0 - Open Redirect via Unvalidated _target_url Parameter
Feb 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-28414 HIGH NUCLEI
Gradio < 6.7.0 - Unauthenticated Absolute Path Traversal via Root-Relative Path Handling
Feb 27, 2026
CVSS 7.5
EPSS 0.03
CVE-2026-27167 NONE
Gradio 4.16.0-6.5.9 - Unauthenticated Hardcoded Credential Exposure via OAuth Mock Route
Feb 27, 2026
EPSS 0.00
CVE-2026-28352 MEDIUM
Indico < 3.3.11 - Unauthenticated Critical Function Access via Event Series API Endpoint
Feb 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28351 MEDIUM
pypdf < 6.7.4 - Uncontrolled Resource Consumption via RunLengthDecode Filter
Feb 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28370 CRITICAL
OpenStack Vitrage <12.0.1,13.0.0,14.0.0,15.0.0 - Code Injection
Feb 27, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-27839 MEDIUM
wger <= 2.4 - Authenticated Authorization Bypass via Nutritional Values Endpoint
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27838 LOW
wger < 2.4 - Authorization Bypass via Routine Detail Cache Key
Feb 26, 2026
CVSS 3.1
EPSS 0.00