pypi

4,986 tracked vulnerabilities.

CVE-2026-2704 MEDIUM
Open Babel <=3.1.1 - Memory Corruption
Feb 19, 2026
CVSS 4.3
EPSS 0.01
CVE-2026-24126 MEDIUM
Weblate <5.16.0 - Command Injection
Feb 19, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-24708 HIGH
OpenStack Nova <30.2.2 - Memory Corruption
Feb 18, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-2654 MEDIUM
huggingface smolagents 1.24.0 - SSRF
Feb 18, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-25087 HIGH
Apache Arrow C++ 15.0.0-23.0.0 - Use After Free
Feb 17, 2026
CVSS 7.0
EPSS 0.01
CVE-2026-2415 MEDIUM
pretix 2026.1.0-2026.1.1 & 4.16.0-2026.1.1 - Info Disclosure & Dynamic Variable Evaluation via Email Templates
Feb 16, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-2531 MEDIUM
MindsDB < 25.14.1 - Server-Side Request Forgery via File Upload clear_filename Function
Feb 16, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-26217 HIGH
Crawl4AI < 0.8.0 - Unauthenticated Local File Inclusion via Docker API Endpoints
Feb 12, 2026
CVSS 8.6
EPSS 0.01
CVE-2026-26216 CRITICAL
Crawl4AI < 0.8.0 - Unauthenticated Remote Code Execution via Docker API Hooks Parameter
Feb 12, 2026
CVSS 10.0
EPSS 0.02
CVE-2026-1669 HIGH
Keras 3.0.0-3.13.1 - Arbitrary File Read via HDF5 External Dataset References
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25990 HIGH
Pillow 10.3.0-12.1.0 - Out-of-bounds Write via Crafted PSD Image
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26013 LOW
langchain-core < 1.2.11 - Server-Side Request Forgery via ChatOpenAI Image URL
Feb 10, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-26007 MEDIUM
cryptography < 46.0.5 - Insufficient Verification of Data Authenticity in Public Key Functions
Feb 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25577 HIGH
emmett-core < 1.3.11 - Unauthenticated Denial of Service via Malformed Cookie Header
Feb 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-21531 CRITICAL
Azure Conversation Authoring Client Library - Remote Code Execution via Untrusted Data Deserialization
Feb 10, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-25528 MEDIUM
LangSmith SDK - Server-Side Request Forgery via Baggage Header Injection
Feb 09, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-25480 MEDIUM
Litestar < 2.20.0 - Unauthenticated Cache Poisoning via FileStore Key Collision
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25479 MEDIUM
Litestar < 2.20.0 - Host Validation Bypass via Regex Metacharacter Injection
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25478 HIGH
Litestar < 2.20.0 - Permissive Cross-domain Security Policy via Unescaped Regex Metacharacters
Feb 09, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-24098 MEDIUM
Apache Airflow <3.1.7 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-22922 MEDIUM
Apache Airflow <3.1.6 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25905 MEDIUM
mcp-run-python - Improper Isolation via Pyodide API Access
Feb 09, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-25904 MEDIUM
mcp-run-python - Server-Side Request Forgery via Deno Sandbox Configuration
Feb 09, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-25732 HIGH
NiceGUI < 3.7.0 - Path Traversal via FileUpload.name Property
Feb 06, 2026
CVSS 7.5
EPSS 0.03
CVE-2026-25516 MEDIUM
NiceGUI < 3.7.0 - Stored Cross-Site Scripting via ui.markdown() Component
Feb 06, 2026
CVSS 6.1
EPSS 0.00