pypi
4,986 tracked vulnerabilities.
CVE-2026-23980
MEDIUM
Apache Superset <6.0.0 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-23969
MEDIUM
Apache Superset <4.1.2 - SQL Injection
Feb 24, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-26981
MEDIUM
OpenEXR 3.3.0-3.3.6/3.4.0-3.4.4 - Memory Corruption
Feb 24, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-26331
HIGH
yt-dlp 2023.06.21-2026.02.21 - Command Injection
Feb 24, 2026
CVSS 8.8
EPSS 0.02
CVE-2026-26198
CRITICAL
Ormar 0.9.9-0.22.0 - SQL Injection via Unsanitized Column Names in Aggregate Queries
Feb 24, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-2970
MEDIUM
datapizza-ai 0.0.2 - Deserialization
Feb 23, 2026
CVSS 4.6
EPSS 0.01
CVE-2026-2969
MEDIUM
datapizza-ai 0.0.2 - Code Injection
Feb 23, 2026
CVSS 4.7
EPSS 0.01
CVE-2026-27482
MEDIUM
Ray < 2.54.0 - Unauthenticated Job Deletion via Dashboard DELETE Endpoint
Feb 21, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-27469
MEDIUM
Isso < 0.13.2 - Stored Cross-Site Scripting via Website and Author Comment Fields
Feb 21, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27205
MEDIUM
Flask < 3.1.3 - Use of Cache Containing Sensitive Information via Session Access
Feb 21, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27199
MEDIUM
Werkzeug < 3.1.6 - Denial of Service via Windows Device Name Path Handling
Feb 21, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-27197
CRITICAL
Sentry 21.12.0-26.1.0 - Auth Bypass
Feb 21, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-27194
CRITICAL
D-Tale < 3.20.0 save-column-filter - Remote Code Execution
Feb 21, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-2635
HIGH
MLflow - Unauthenticated Authentication Bypass via Default Credentials in basic_auth.ini
Feb 20, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-2033
HIGH
MLflow Tracking Server - Path Traversal RCE
Feb 20, 2026
CVSS 7.3
EPSS 0.02
CVE-2026-27026
MEDIUM
pypdf < 6.7.1 - Denial of Service via Malformed FlateDecode Stream
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27025
MEDIUM
pypdf < 6.7.1 - Denial of Service via Malicious /ToUnicode Font Entry
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27024
MEDIUM
pypdf < 6.7.1 - Denial of Service via Infinite Loop in TreeObject Children Access
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-2472
HIGH
Google Cloud Vertex AI SDK 1.98.0-1.131.0 - XSS
Feb 20, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-26193
HIGH
Open WebUI < 0.6.44 - Stored Cross-Site Scripting via Chat History Embeds Property
Feb 19, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-26192
HIGH
Open WebUI < 0.7.0 - Stored Cross-Site Scripting via Document Metadata HTML Property
Feb 19, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-26030
CRITICAL
Microsoft Semantic Kernel <1.39.4 - RCE
Feb 19, 2026
CVSS 9.9
EPSS 0.03
CVE-2026-25739
MEDIUM
Indico < 3.3.10 - Stored Cross-Site Scripting via Material File Upload
Feb 19, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-25738
MEDIUM
Indico < 3.3.10 - Server-Side Request Forgery via User-Provided URL
Feb 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2705
MEDIUM
Open Babel <=3.1.1 - Memory Corruption
Feb 19, 2026
CVSS 4.3
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters