pypi
4,986 tracked vulnerabilities.
CVE-2026-24747
HIGH
PyTorch < 2.10.0 - Remote Code Execution via Malicious Checkpoint File
Jan 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-24688
MEDIUM
pypdf < 6.6.2 - Denial of Service via Infinite Loop in Outline Processing
Jan 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-23892
MEDIUM
OctoPrint <1.11.5 - Info Disclosure
Jan 27, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-1213
MEDIUM
askbot <= 0.12.2 - Authenticated Profile Picture Modification
Jan 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-24490
HIGH
Mobile Security Framework < 4.4.5 - Stored Cross-Site Scripting via Android Manifest Host Attribute
Jan 27, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-24489
MEDIUM
Gakido < 0.1.1 - HTTP Header Injection via CRLF Sequence
Jan 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-24486
HIGH
Python-Multipart <0.0.22 - Path Traversal
Jan 27, 2026
CVSS 8.6
EPSS 0.02
CVE-2026-24408
NONE
sigstore-python < 4.2.0 - Cross-Site Request Forgery in OAuth Authentication Flow
Jan 26, 2026
EPSS 0.00
CVE-2026-24123
HIGH
BentoML < 1.4.34 - Path Traversal via bentofile.yaml Configuration Fields
Jan 26, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-22696
CRITICAL
dcap-qvl < 0.3.9 - Improper Certificate Validation in QE Identity Collateral
Jan 26, 2026
EPSS 0.00
CVE-2026-0994
HIGH
Protobuf - Denial of Service via Recursion Depth Bypass in Any Message Parsing
Jan 23, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-0770
CRITICAL
NUCLEI
Langflow validate exec_globals - Unauthenticated Root Code Execution
Jan 23, 2026
CVSS 9.8
EPSS 0.10
CVE-2026-24130
MEDIUM
Moonraker < 0.10.0 - LDAP Injection via Login Endpoint
Jan 22, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-1260
HIGH
Sentencepiece < 0.2.1 - Memory Corruption via Vulnerable Model File
Jan 22, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-24009
HIGH
docling-core 2.21.0-2.48.4 - Remote Code Execution via PyYAML Deserialization
Jan 22, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-24049
HIGH
wheel 0.40.0-0.46.1 - Arbitrary File Permission Modification via Malicious Wheel Archive
Jan 22, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-23946
MEDIUM
Tendenci <15.3.11 - Authenticated RCE
Jan 22, 2026
CVSS 6.8
EPSS 0.01
CVE-2026-23996
LOW
FastAPI Api Key <1.1.0 - Info Disclosure
Jan 21, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-23986
HIGH
copier < 9.11.2 - Arbitrary File Write via Symlink Following with _preserve_symlinks
Jan 21, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-23968
MEDIUM
copier < 9.11.2 - Arbitrary File Access via Symlink Following
Jan 21, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-22807
HIGH
vllm 0.10.1-0.13.0 - Remote Code Execution via Hugging Face auto_map Dynamic Module Loading
Jan 21, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-23949
HIGH
jaraco.context <6.1.0 - Path Traversal
Jan 20, 2026
CVSS 8.6
EPSS 0.01
CVE-2026-22219
HIGH
chainlit < 2.9.4 - Authenticated Server-Side Request Forgery via Project Element Update
Jan 20, 2026
CVSS 7.7
EPSS 0.04
CVE-2026-23877
MEDIUM
Swing Music <2.1.4 - Path Traversal
Jan 19, 2026
CVSS 4.3
EPSS 0.01
CVE-2026-23842
HIGH
ChatterBot < 1.2.11 - Denial of Service via SQLAlchemy Connection Pool Exhaustion
Jan 19, 2026
CVSS 7.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters