pypi

4,986 tracked vulnerabilities.

CVE-2026-27835 MEDIUM
wger <= 2.4 - Unauthorized Data Access via RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27457 MEDIUM
Weblate < 5.16.1 - Unauthorized Addon Information Exposure via REST API
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27966 CRITICAL
Langflow < 1.8.0 - Remote Code Execution via CSV Agent Node
Feb 26, 2026
CVSS 9.8
EPSS 0.34
CVE-2026-27948 MEDIUM
Copyparty < 1.20.9 - Reflected Cross-Site Scripting via URL Parameter
Feb 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27888 HIGH
pypdf < 6.7.3 - Denial of Service via XFA Property with FlateDecode Compression
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27809 CRITICAL
psd-tools < 1.12.2 - Denial of Service via Malformed RLE-Compressed Image Data
Feb 26, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-27735 MEDIUM
mcp-server-git <2026.1.14 - Path Traversal
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25736 MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - XSS
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25735 MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - XSS
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25734 MEDIUM
Rucio WebUI < 35.8.3 - Stored Cross-Site Scripting in RSE Metadata
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25733 HIGH
Rucio <35.8.3, <38.5.4, <39.3.1 - XSS
Feb 25, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-25138 MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - Info Disclosure
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-25136 HIGH
Rucio < 35.8.3 - Reflected Cross-Site Scripting via WebUI ExceptionMessage
Feb 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-26717 MEDIUM
Richie < 3.3.0 - Observable Timing Discrepancy in HMAC Signature Verification
Feb 25, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-27695 MEDIUM
zae-limiter < 0.10.1 - Denial of Service via DynamoDB Partition Key Collision
Feb 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27696 HIGH
changedetection.io < 0.54.1 - Server-Side Request Forgery via Watch URL Validation Bypass
Feb 25, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-27645 MEDIUM NUCLEI
changedetection.io < 0.54.1 - Reflected Cross-Site Scripting via RSS Single-Watch UUID Parameter
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27641 CRITICAL
Flask-Reuploaded <1.5.0 - Path Traversal
Feb 25, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-27628 HIGH
pypdf < 6.7.2 - Denial of Service via Infinite Loop
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27614 CRITICAL
Bugsink < 2.0.13 - Unauthenticated Stored Cross-Site Scripting via Pygments Line Handling
Feb 25, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-27156 MEDIUM
NiceGUI < 3.8.0 - Cross-Site Scripting via Element Method Execution
Feb 24, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27483 HIGH NUCLEI
MindsDB < 25.9.1.1 - Authenticated Path Traversal and Remote Command Execution via /api/files Upload
Feb 24, 2026
CVSS 8.8
EPSS 0.11
CVE-2026-23984 MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23983 MEDIUM
Apache Superset < 6.0.0 - Authenticated Sensitive Data Exposure via Tag Endpoint
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23982 MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00