pypi
4,708 tracked vulnerabilities.
CVE-2025-57697
MEDIUM
AstrBot 3.5.22 - Arbitrary File Read via _encode_image_bs64 Function
Nov 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57698
HIGH
AstrBot 3.5.22 - Path Traversal via Plugin Install-Upload Filename Handling
Nov 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64187
MEDIUM
OctoPrint < 1.11.4 - Stored Cross-Site Scripting via Action Command Notifications
Nov 07, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-64184
HIGH
Dosage < 3.2 - Path Traversal via HTTP Content-Type Header
Nov 07, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-64326
LOW
Weblate < 5.14.1 - IP Address Exposure in Audit Log
Nov 06, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-64459
CRITICAL
Django 4.2-4.2.25, 5.1-5.1.13, 5.2a1-5.2.7 - SQL Injection via QuerySet Dictionary Expansion
Nov 05, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-64458
HIGH
Django 4.2-4.2.25, 5.1-5.1.13, 5.2-5.2.7 - Denial of Service via NFKC Unicode Normalization
Nov 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58337
MEDIUM
Doris MCP Server <0.6.0 - Auth Bypass
Nov 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-12695
MEDIUM
DSPy - Arbitrary File Read via PythonInterpreter Sandbox Escape
Nov 04, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-64168
HIGH
Agno 2.0.0-2.2.1 - Unprotected User Data Exposure via Session State Race Condition
Oct 31, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-63675
MEDIUM
cryptidy < 1.2.4 - Remote Code Execution via Pickle Deserialization
Oct 31, 2025
CVSS 6.9
EPSS 0.00
CVE-2025-6176
HIGH
Scrapy < 2.13.4 - Denial of Service via Brotli Decompression Bomb
Oct 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-12060
HIGH
Keras < 3.12.0 and 3.0.0-3.11.3 - Path Traversal via tarfile.extractall
Oct 30, 2025
EPSS 0.00
CVE-2025-50736
MEDIUM
Byaidu PDFMathTranslate <1.9.9 - Open Redirect
Oct 30, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-62503
MEDIUM
Apache Airflow 3.0.0 through 3.1.1 - Privilege Escalation
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-62402
MEDIUM
Apache Airflow 3.0.0-3.1.0 - Unauthenticated Remote Code Execution via /api/v2/dagReports
Oct 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-54941
MEDIUM
Apache Airflow 3.0.0-3.0.5 - OS Command Injection via Example DAG Decorator
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-11201
CRITICAL
MLflow < 3.0.0 - Unauthenticated Remote Code Execution via Model File Path Traversal
Oct 29, 2025
CVSS 9.8
EPSS 0.17
CVE-2025-11200
CRITICAL
MLflow < 2.21.0 and < 2.22.0rc0 - Unauthenticated Authentication Bypass via Weak Password Requirements
Oct 29, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-64104
HIGH
langgraph-checkpoint-sqlite < 2.0.11 - SQL Injection via Improper String Concatenation
Oct 29, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-64100
MEDIUM
CKAN <2.10.9, <2.11.4 - Info Disclosure
Oct 29, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-54384
MEDIUM
CKAN < 2.10.9 and 2.11.0-2.11.4 - Stored Cross-Site Scripting via markdown_extract Helper
Oct 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-12058
MEDIUM
Keras < 3.12.0 - Arbitrary Local File Read and Server-Side Request Forgery via StringLookup Layer
Oct 29, 2025
EPSS 0.00
CVE-2025-62801
HIGH
fastmcp < 2.13.0 - OS Command Injection via server_name Field
Oct 28, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-62800
MEDIUM
fastmcp < 2.13.0 - Reflected Cross-Site Scripting in OAuth Client Callback Page
Oct 28, 2025
CVSS 6.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21