pypi
4,708 tracked vulnerabilities.
CVE-2025-11157
HIGH
feast < 0.54.0 - Remote Code Execution via YAML Deserialization in Kubernetes Materializer
Jan 01, 2026
CVSS 7.8
EPSS 0.00
CVE-2025-34469
HIGH
Cowrie < 2.9.0 - Unauthenticated Server-Side Request Forgery via wget and curl Emulation
Dec 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-69277
MEDIUM
libsodium < ad3004e - Memory Corruption
Dec 31, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-68131
HIGH
cbor2 3.0.0-5.7.9 - Information Exposure via Shared Reference Tag
Dec 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-67729
HIGH
LMDeploy < 0.11.1 - Remote Code Execution via Insecure PyTorch Model Deserialization
Dec 26, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-68664
CRITICAL
LangChain < 0.3.81 and 1.2.5 - Code Injection
Dec 23, 2025
CVSS 9.3
EPSS 0.02
CVE-2025-14931
CRITICAL
Hugging Face smolagents - Deserialization
Dec 23, 2025
CVSS 10.0
EPSS 0.03
CVE-2025-65713
MEDIUM
Home Assistant Core < 2025.8.0 - Path Traversal
Dec 23, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-67743
MEDIUM
local-deep-research 1.3.0-1.3.8 - Server-Side Request Forgery via Download Service
Dec 23, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-68480
MEDIUM
marshmallow 3.0.0rc1-3.26.1 and 4.0.0-4.1.1 - Denial of Service via Schema.load
Dec 22, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-68481
MEDIUM
fastapi-users < 15.0.2 - Login Cross-Site Request Forgery via OAuth State Token
Dec 19, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-68478
HIGH
langflow < 1.7.0 - Arbitrary File Write via Unrestricted fs_path Parameter
Dec 19, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-68477
HIGH
Langflow < 1.7.0 - Server-Side Request Forgery via API Request Component
Dec 19, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-14882
LOW
pretix 2025.10.0 - Authorization Bypass via File UUID
Dec 19, 2025
EPSS 0.00
CVE-2025-14881
LOW
pretix 1.0.0-2025.10.0 - Authorization Bypass via File UUID Access
Dec 19, 2025
EPSS 0.00
CVE-2025-14546
MEDIUM
fastapi-sso < 0.19.0 - Cross-Site Request Forgery via OAuth State Parameter
Dec 19, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-68398
CRITICAL
Weblate < 5.15.1 - Path Traversal via Git Configuration Overwrite
Dec 18, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-68279
HIGH
Weblate < 5.15.1 - Path Traversal via Crafted Symbolic Links
Dec 18, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-68463
MEDIUM
Biopython < 1.86 - XML External Entity Injection in Bio.Entrez
Dec 18, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-68145
CRITICAL
mcp-server-git < 2025.12.17 - Path Traversal via Repository Path Validation Bypass
Dec 17, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-68144
HIGH
mcp-server-git < 2025.12.17 - Code Injection
Dec 17, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-68143
HIGH
Model Context Protocol Servers < 2025.9.25 - Path Traversal via git_init Tool
Dec 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-53000
HIGH
jupyter/nbconvert <= 7.16.6 - Unauthenticated Remote Code Execution via SVG to PDF Conversion
Dec 17, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-67895
CRITICAL
Apache Airflow Providers Edge3 < 2.0.0 - Remote Code Execution via Edge3 Worker RPC
Dec 17, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-68146
MEDIUM
filelock < 3.20.1 - Time-of-Check-Time-of-Use Race Condition via Symlink Attack
Dec 16, 2025
CVSS 6.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21