pypi
4,707 tracked vulnerabilities.
CVE-2025-69662
HIGH
geopandas < 1.1.2 - SQL Injection via to_postgis() Function
Jan 30, 2026
CVSS 8.6
EPSS 0.00
CVE-2025-62349
MEDIUM
Salt 3006.12-3006.16 and 3007.4-3007.8 - Authentication Bypass via Protocol Downgrade
Jan 30, 2026
CVSS 6.2
EPSS 0.00
CVE-2025-62348
HIGH
Salt < 3006.17, 3006.0-3006.16, 3007.0-3007.8 - Remote Code Execution via Unsafe YAML Decode in junos Execution Module
Jan 30, 2026
CVSS 7.8
EPSS 0.00
CVE-2025-11687
MEDIUM
gi-docgen < 2025.5 - Cross-Site Scripting via q GET Parameter
Jan 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-67221
HIGH
orjson < 3.11.4 - Denial of Service via Deeply Nested JSON Documents
Jan 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-71176
MEDIUM
pytest < 9.0.3 - Denial of Service via Insecure Temporary Directory Permissions
Jan 22, 2026
CVSS 6.8
EPSS 0.00
CVE-2025-68616
HIGH
WeasyPrint < 68.0 - Server-Side Request Forgery via HTTP Redirect Bypass
Jan 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68675
HIGH
Apache Airflow < 3.1.6 - Info Disclosure
Jan 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68438
HIGH
Apache Airflow 3.1.0-3.1.5 - Exposure of Sensitive Information in Rendered Templates UI
Jan 16, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-68492
MEDIUM
Chainlit < 2.8.5 - Authorization Bypass via User-Controlled Key
Jan 14, 2026
CVSS 4.2
EPSS 0.00
CVE-2025-68472
HIGH
MindsDB < 25.11.1 - Unauthenticated Path Traversal and Arbitrary File Read via File Upload API
Jan 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-14279
HIGH
MLFlow <= 3.4.0 - DNS Rebinding Attack via Missing Origin Header Validation
Jan 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-15506
LOW
OpenColorIO < 2.5.1 - Out-of-Bounds Read in ConvertToRegularExpression
Jan 11, 2026
CVSS 3.3
EPSS 0.00
CVE-2025-15504
LOW
LIEF < 0.17.2 - Null Pointer Dereference in ELF Binary Parser
Jan 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2025-68158
MEDIUM
Authlib 1.0.0-1.6.5 - Cross-Site Request Forgery via Cache-Backed State Storage
Jan 08, 2026
CVSS 5.7
EPSS 0.00
CVE-2025-15346
CRITICAL
wolfssl-py <= 5.8.2 - Improper Authentication via Missing WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT Flag
Jan 08, 2026
EPSS 0.00
CVE-2025-61492
CRITICAL
Terminal-Controller-MCP 0.1.7 - Command Injection
Jan 07, 2026
CVSS 10.0
EPSS 0.01
CVE-2025-69230
MEDIUM
aiohttp < 3.13.3 - Logging of Excessive Data via Cookie Header
Jan 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-69229
MEDIUM
aiohttp < 3.13.3 - Denial of Service via Chunked Message Handling
Jan 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-69228
HIGH
aiohttp < 3.13.3 - Denial of Service via Request.post() Memory Exhaustion
Jan 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-69227
HIGH
aiohttp < 3.13.3 - Denial of Service via POST Body Processing
Jan 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-69225
MEDIUM
aiohttp < 3.13.3 - HTTP Request Smuggling via Range Header
Jan 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-69226
MEDIUM
aiohttp < 3.13.3 - Path Traversal in Static File Path Normalization
Jan 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-69224
MEDIUM
aiohttp < 3.13.3 - HTTP Request Smuggling via Non-ASCII Character Bypass
Jan 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-69223
HIGH
aiohttp < 3.13.3 - Denial of Service via Zip Bomb Decompression
Jan 05, 2026
CVSS 7.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21