Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / pypi

pypi

4,708 tracked vulnerabilities.

CVE-2025-65106 HIGH

langchain-core 1.0.0-1.0.6 - Template Injection via Untrusted Template Strings

CVE-2025-62609 HIGH

MLX < 0.29.4 - Denial of Service via Malicious GGUF File Loading

CVE-2025-62608 CRITICAL

MLX < 0.29.4 - Heap-based Buffer Overflow in NumPy File Parser

CVE-2025-62426 MEDIUM

vLLM 0.5.5-0.11.1 - Denial of Service via Unvalidated chat_template_kwargs Parameter

CVE-2025-62372 MEDIUM

vLLM 0.5.5-0.11.1 - Denial of Service via Multimodal Embedding Input Shape Mismatch

CVE-2025-62164 HIGH

vLLM 0.10.2-0.11.1 - Remote Code Execution via Malicious Prompt Embedding Tensors

CVE-2025-65015 HIGH

joserfc 1.3.3-1.3.4 and 1.4.0-1.4.1 - Denial of Service via Large JWT Payload

CVE-2025-60455 HIGH

Modular Max Serve <25.6 - Code Injection

CVE-2025-65073 HIGH

OpenStack Keystone < 26.0.1, 27.0.0, 28.0.0 - Incorrect Authorization via AWS Signature

CVE-2025-12765 HIGH

pgAdmin <= 9.9 - Improper Certificate Validation in LDAP Authentication

CVE-2025-12764 HIGH

pgAdmin <= 9.9 - LDAP Injection via Username Parameter

CVE-2025-12763 MEDIUM

pgAdmin 4 < 9.10 - OS Command Injection via Backup and Restore File Path

CVE-2025-12762 CRITICAL

pgAdmin 4 < 9.10 - Remote Code Execution via PLAIN-format Dump File Restore

CVE-2025-64512 HIGH

pdfminer.six < 20251107 - Remote Code Execution via Malicious Pickle File Deserialization

CVE-2025-64509 HIGH

Bugsink < 2.0.6 - Denial of Service via Brotli Decompression

CVE-2025-64508 HIGH

Bugsink < 2.0.5 - Denial of Service via Brotli Decompression Bomb

CVE-2025-64183 HIGH

OpenEXR 3.2.0-3.2.4 3.3.0-3.3.5 3.4.0-3.4.2 - Use-After-Free in PyObject_StealAttrString

CVE-2025-64182 HIGH

OpenEXR 3.2.0-3.2.4 3.3.0-3.3.5 3.4.0-3.4.2 - Heap Overflow via Legacy Python InputFile Wrapper

CVE-2025-64181 HIGH

OpenEXR 3.3.0-3.3.5 3.4.0-3.4.2 - Use of Uninitialized Variable in generic_unpack

CVE-2025-62780 LOW NUCLEI

changedetection.io < 0.50.34 - Stored Cross-Site Scripting via Watch Update API

CVE-2025-12967 HIGH

AWS Wrappers for Amazon Aurora PostgreSQL - Privilege Escalation

CVE-2025-64496 HIGH

Open WebUI < 0.6.35 - Remote Code Execution via Direct Connections SSE Event Injection

CVE-2025-64495 HIGH

Open WebUI < 0.6.35 - Stored Cross-Site Scripting via Rich Text Prompt Insertion

CVE-2025-64481 LOW

Datasette < 0.65.2 and 1.0a0-1.0a19 - Open Redirect via Double Slash Path

CVE-2025-64439 HIGH

langgraph-checkpoint < 3.0.0 - Remote Code Execution via JsonPlusSerializer Deserialization

Previous Page 36 of 189 Next

Products

tensorflow 427 tensorflow-gpu 421 tensorflow-cpu 417 Django 147 apache-airflow 111 Plone 96 open-webui 86 mlflow 70 apache-superset 67 salt 67 ansible 66 pillow 52 nova 48 gradio 46 rdiffweb 43 matrix-synapse 42 pyload-ng 41 vyper 39 vllm 38 keystone 36 moin 35 aiohttp 33 opencv-contrib-python 30 opencv-python 30 PraisonAI 27 pgadmin4 26 pypdf 24 glance 22 langflow 22 ethyca-fides 21

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy