pypi
4,708 tracked vulnerabilities.
CVE-2025-66418
HIGH
urllib3 1.24-2.5.x - Denial of Service via Unbounded Decompression Chain
Dec 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-65958
HIGH
Open WebUI < 0.6.37 - Authenticated Server-Side Request Forgery
Dec 04, 2025
CVSS 8.5
EPSS 0.00
CVE-2025-63681
MEDIUM
open-webui <0.6.33 - Privilege Escalation
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-56427
HIGH
Composio 0.7.20 - Directory Traversal via _download_file_or_dir Function
Dec 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-14010
MEDIUM
community.general - Sensitive Credential Exposure via Verbose Debug Output
Dec 04, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-66454
MEDIUM
arcade-mcp < 1.5.4 - Unauthenticated Authentication Bypass via Hardcoded Worker Secret
Dec 02, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66416
HIGH
MCP Python SDK < 1.23.0 - DNS Rebinding Local Server Tool Invocation
Dec 02, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-65896
CRITICAL
long2ice asyncmy < 0.2.10 - SQL Injection via Crafted Dict Keys
Dec 02, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-64460
HIGH
Django 4.2-4.2.26 5.1-5.1.14 5.2a1-5.2.8 - Denial of Service via XML Deserializer
Dec 02, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-13372
MEDIUM
Django 4.2-4.2.26 5.1-5.1.14 5.2a1-5.2.8 - SQL Injection via FilteredRelation Column Aliases
Dec 02, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-65858
LOW
Calibre-Web 0.6.25 - Stored Cross-Site Scripting via Username Field
Dec 02, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-66448
HIGH
vllm < 0.11.1 - Remote Code Execution via Nemotron_Nano_VL_Config Auto-Map Instantiation
Dec 01, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-66424
MEDIUM
Tryton trytond <7.6.11 - Info Disclosure
Nov 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66423
HIGH
Tryton trytond <6.0-7.6.11 - Info Disclosure
Nov 30, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-66422
MEDIUM
Tryton trytond <7.6.11 - Info Disclosure
Nov 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-66221
MEDIUM
Werkzeug < 3.1.4 - Denial of Service via Windows Device Name Path Handling
Nov 29, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-66034
MEDIUM
fonttools 4.33.0-4.60.1 - Remote Code Execution via Malicious .designspace File Processing
Nov 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-12638
HIGH
Keras < 3.12.0 - Path Traversal and Arbitrary File Write via tarfile.extractall()
Nov 28, 2025
CVSS 8.0
EPSS 0.00
CVE-2025-66371
MEDIUM
Peppol-py < 1.1.1 - XML External Entity Injection via Saxon Configuration
Nov 28, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-66040
LOW
Spotipy < 2.25.2 - Cross-Site Scripting via OAuth Error Parameter
Nov 27, 2025
CVSS 3.6
EPSS 0.00
CVE-2025-62593
CRITICAL
Ray < 2.52.0 - Remote Code Execution via DNS Rebinding and User-Agent Spoofing
Nov 26, 2025
EPSS 0.00
CVE-2025-65681
LOW
Overhang.IO <20.0.2 - Info Disclosure
Nov 26, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-66019
MEDIUM
pypdf < 6.4.0 - Uncontrolled Resource Consumption via LZWDecode Filter
Nov 26, 2025
EPSS 0.00
CVE-2025-62703
HIGH
Fugue < 0.9.1 - Remote Code Execution via Pickle Deserialization
Nov 25, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-13609
HIGH
Keylime < 7.13.0 - Agent Identity Overwrite via Duplicate UUID Registration
Nov 24, 2025
CVSS 8.2
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21