pypi
4,986 tracked vulnerabilities.
CVE-2026-2704
MEDIUM
Open Babel <=3.1.1 - Memory Corruption
Feb 19, 2026
CVSS 4.3
EPSS 0.01
CVE-2026-24126
MEDIUM
Weblate <5.16.0 - Command Injection
Feb 19, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-24708
HIGH
OpenStack Nova <30.2.2 - Memory Corruption
Feb 18, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-2654
MEDIUM
huggingface smolagents 1.24.0 - SSRF
Feb 18, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-25087
HIGH
Apache Arrow C++ 15.0.0-23.0.0 - Use After Free
Feb 17, 2026
CVSS 7.0
EPSS 0.01
CVE-2026-2415
MEDIUM
pretix 2026.1.0-2026.1.1 & 4.16.0-2026.1.1 - Info Disclosure & Dynamic Variable Evaluation via Email Templates
Feb 16, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-2531
MEDIUM
MindsDB < 25.14.1 - Server-Side Request Forgery via File Upload clear_filename Function
Feb 16, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-26217
HIGH
Crawl4AI < 0.8.0 - Unauthenticated Local File Inclusion via Docker API Endpoints
Feb 12, 2026
CVSS 8.6
EPSS 0.01
CVE-2026-26216
CRITICAL
Crawl4AI < 0.8.0 - Unauthenticated Remote Code Execution via Docker API Hooks Parameter
Feb 12, 2026
CVSS 10.0
EPSS 0.02
CVE-2026-1669
HIGH
Keras 3.0.0-3.13.1 - Arbitrary File Read via HDF5 External Dataset References
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-25990
HIGH
Pillow 10.3.0-12.1.0 - Out-of-bounds Write via Crafted PSD Image
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26013
LOW
langchain-core < 1.2.11 - Server-Side Request Forgery via ChatOpenAI Image URL
Feb 10, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-26007
MEDIUM
cryptography < 46.0.5 - Insufficient Verification of Data Authenticity in Public Key Functions
Feb 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25577
HIGH
emmett-core < 1.3.11 - Unauthenticated Denial of Service via Malformed Cookie Header
Feb 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-21531
CRITICAL
Azure Conversation Authoring Client Library - Remote Code Execution via Untrusted Data Deserialization
Feb 10, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-25528
MEDIUM
LangSmith SDK - Server-Side Request Forgery via Baggage Header Injection
Feb 09, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-25480
MEDIUM
Litestar < 2.20.0 - Unauthenticated Cache Poisoning via FileStore Key Collision
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25479
MEDIUM
Litestar < 2.20.0 - Host Validation Bypass via Regex Metacharacter Injection
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25478
HIGH
Litestar < 2.20.0 - Permissive Cross-domain Security Policy via Unescaped Regex Metacharacters
Feb 09, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-24098
MEDIUM
Apache Airflow <3.1.7 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-22922
MEDIUM
Apache Airflow <3.1.6 - Info Disclosure
Feb 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-25905
MEDIUM
mcp-run-python - Improper Isolation via Pyodide API Access
Feb 09, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-25904
MEDIUM
mcp-run-python - Server-Side Request Forgery via Deno Sandbox Configuration
Feb 09, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-25732
HIGH
NiceGUI < 3.7.0 - Path Traversal via FileUpload.name Property
Feb 06, 2026
CVSS 7.5
EPSS 0.03
CVE-2026-25516
MEDIUM
NiceGUI < 3.7.0 - Stored Cross-Site Scripting via ui.markdown() Component
Feb 06, 2026
CVSS 6.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters