pypi
4,708 tracked vulnerabilities.
CVE-2025-68142
MEDIUM
PyMdown Extensions < 10.16.1 - Denial of Service via Figure Caption Extension ReDoS
Dec 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-68113
MEDIUM
ALTCHA Libraries - Cryptographic Semantic Binding Flaw via HMAC Signature Reinterpretation
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-67748
HIGH
fickling < 0.1.6 - Unsafe Pickle Misclassification via pty Module Import Bypass
Dec 16, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-67747
HIGH
fickling < 0.1.6 - Arbitrary Code Execution via Marshal and Types Module Bypass
Dec 16, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-67715
MEDIUM
Weblate < 5.15 - Unauthenticated User Information Disclosure via API
Dec 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-67492
MEDIUM
Weblate < 5.15 - Unauthenticated Repository Update Trigger via Webhook Payload
Dec 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-66407
MEDIUM
Weblate < 5.15 - Server-Side Request Forgery via Mercurial Repository URL
Dec 16, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-64725
CRITICAL
Weblate < 5.15 - Incorrect User Management via Invitation Acceptance
Dec 15, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-65431
MEDIUM
allauth < 65.13.0 - Improper Authentication via Mutable preferred_username Identifier
Dec 15, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-65430
MEDIUM
allauth < 65.13.0 - Insufficient Session Expiration
Dec 15, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-66388
MEDIUM
Apache Airflow < 3.1.4 - Info Disclosure
Dec 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-14692
MEDIUM
Mayan EDMS < 4.10.2 - Open Redirect via Authentication Endpoint
Dec 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-14691
MEDIUM
Mayan EDMS < 4.10.2 - Cross-Site Scripting in Authentication Endpoint
Dec 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-14542
HIGH
utcp < 1.1.0 - Trust Boundary Violation via Remote Manual Endpoint
Dec 13, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-13780
CRITICAL
pgAdmin < 9.10 - Remote Code Execution via PLAIN-Format Dump File Restore
Dec 11, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-67720
MEDIUM
Pyrofork < 2.3.69 - Path Traversal via Telegram Media Filename
Dec 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-67644
HIGH
langgraph-checkpoint-sqlite < 3.0.1 - SQL Injection via Metadata Filter Key Interpolation
Dec 11, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-67511
CRITICAL
CAI Framework <= 0.5.9 - Command Injection via run_ssh_command_with_credentials
Dec 11, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-67485
MEDIUM
mad-proxy <= 0.3 - Protection Mechanism Failure
Dec 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-67502
MEDIUM
Taguette < 1.5.2 - Open Redirect via Unvalidated Next Parameter
Dec 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-66645
HIGH
NiceGUI < 3.4.0 - Path Traversal via App.add_media_files()
Dec 09, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-66470
MEDIUM
NiceGUI < 3.4.0 - Stored Cross-Site Scripting via Interactive Image SVG ForeignObject Tag
Dec 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-66469
MEDIUM
NiceGUI < 3.4.0 - Reflected Cross-Site Scripting via CSS/SCSS/SASS Injection
Dec 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-34291
HIGH
KEV NUCLEI
Langflow <= 1.6.9 - Account Takeover and Remote Code Execution via CORS Misconfiguration
Dec 05, 2025
CVSS 8.8
EPSS 0.30
CVE-2025-66471
HIGH
urllib3 1.0-2.5.9 - Denial of Service via Highly Compressed Data Handling
Dec 05, 2025
CVSS 7.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21