pypi
4,986 tracked vulnerabilities.
CVE-2026-27835
MEDIUM
wger <= 2.4 - Unauthorized Data Access via RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27457
MEDIUM
Weblate < 5.16.1 - Unauthorized Addon Information Exposure via REST API
Feb 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27966
CRITICAL
Langflow < 1.8.0 - Remote Code Execution via CSV Agent Node
Feb 26, 2026
CVSS 9.8
EPSS 0.34
CVE-2026-27948
MEDIUM
Copyparty < 1.20.9 - Reflected Cross-Site Scripting via URL Parameter
Feb 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27888
HIGH
pypdf < 6.7.3 - Denial of Service via XFA Property with FlateDecode Compression
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27809
CRITICAL
psd-tools < 1.12.2 - Denial of Service via Malformed RLE-Compressed Image Data
Feb 26, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-27735
MEDIUM
mcp-server-git <2026.1.14 - Path Traversal
Feb 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25736
MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - XSS
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25735
MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - XSS
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25734
MEDIUM
Rucio WebUI < 35.8.3 - Stored Cross-Site Scripting in RSE Metadata
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-25733
HIGH
Rucio <35.8.3, <38.5.4, <39.3.1 - XSS
Feb 25, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-25138
MEDIUM
Rucio <35.8.3/<38.5.4/<39.3.1 - Info Disclosure
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-25136
HIGH
Rucio < 35.8.3 - Reflected Cross-Site Scripting via WebUI ExceptionMessage
Feb 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-26717
MEDIUM
Richie < 3.3.0 - Observable Timing Discrepancy in HMAC Signature Verification
Feb 25, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-27695
MEDIUM
zae-limiter < 0.10.1 - Denial of Service via DynamoDB Partition Key Collision
Feb 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27696
HIGH
changedetection.io < 0.54.1 - Server-Side Request Forgery via Watch URL Validation Bypass
Feb 25, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-27645
MEDIUM
NUCLEI
changedetection.io < 0.54.1 - Reflected Cross-Site Scripting via RSS Single-Watch UUID Parameter
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27641
CRITICAL
Flask-Reuploaded <1.5.0 - Path Traversal
Feb 25, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-27628
HIGH
pypdf < 6.7.2 - Denial of Service via Infinite Loop
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27614
CRITICAL
Bugsink < 2.0.13 - Unauthenticated Stored Cross-Site Scripting via Pygments Line Handling
Feb 25, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-27156
MEDIUM
NiceGUI < 3.8.0 - Cross-Site Scripting via Element Method Execution
Feb 24, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27483
HIGH
NUCLEI
MindsDB < 25.9.1.1 - Authenticated Path Traversal and Remote Command Execution via /api/files Upload
Feb 24, 2026
CVSS 8.8
EPSS 0.11
CVE-2026-23984
MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23983
MEDIUM
Apache Superset < 6.0.0 - Authenticated Sensitive Data Exposure via Tag Endpoint
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-23982
MEDIUM
Apache Superset <6.0.0 - Auth Bypass
Feb 24, 2026
CVSS 6.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters