pypi
4,708 tracked vulnerabilities.
CVE-2025-62727
HIGH
Starlette 0.39.0-0.49.0 - Unauthenticated Denial of Service via HTTP Range Header
Oct 28, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-40843
MEDIUM
CodeChecker < 6.26.2 - Stack-based Buffer Overflow in ldlogger Library
Oct 28, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-61385
CRITICAL
tlocke pg8000 <1.31.4 - SQL Injection
Oct 27, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-8709
HIGH
langgraph-checkpoint-sqlite 2.0.10 - SQL Injection via Filter Operator Handling
Oct 26, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-62708
HIGH
pypdf < 6.1.3 - Denial of Service via LZWDecode Filter
Oct 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62707
HIGH
pypdf < 6.1.3 - Denial of Service via DCTDecode Inline Image Parsing
Oct 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62706
MEDIUM
Authlib < 1.6.5 - Denial of Service via Unbounded DEFLATE Decompression in JWE zip=DEF
Oct 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-62611
HIGH
aiomysql < 0.3.0 - Arbitrary File Read via LOAD_LOCAL Instruction
Oct 22, 2025
EPSS 0.00
CVE-2025-62607
MEDIUM
nautobot-ssot < 3.10.0 - Unauthenticated Information Disclosure via Configuration Page
Oct 22, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-11844
MEDIUM
Hugging Face Smolagents 1.20.0-1.21.9 - XPath Injection in search_item_ctrl_f
Oct 22, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62528
MEDIUM
Taguette < 1.5.0 - Stored Cross-Site Scripting via Project Name or Description
Oct 20, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62527
HIGH
Taguette < 1.5.0 - Email Address Hijacking via Password Reset Link
Oct 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-62515
CRITICAL
pyquokka <= 0.3.1 - Remote Code Execution via Unsafe Pickle Deserialization in FlightServer
Oct 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-49655
CRITICAL
Keras 3.11.0-3.11.2 - Remote Code Execution via TorchModuleWrapper Deserialization
Oct 17, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-11849
CRITICAL
mammoth < 1.11.0 - Directory Traversal via DOCX Image External Link
Oct 17, 2025
CVSS 9.3
EPSS 0.00
CVE-2025-62379
LOW
Reflex 0.5.4-0.8.14 - Open Redirect via /auth-codespace Endpoint
Oct 15, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-62172
HIGH
Pypi Homeassistant < 2025.10.2 - Basic XSS
Oct 14, 2025
EPSS 0.00
CVE-2025-7707
HIGH
Llama_index 0.12.33 - Info Disclosure
Oct 13, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-61912
MEDIUM
python-ldap < 3.4.5 - Denial of Service via Incorrect Null Byte Escaping in ldap.dn.escape_dn_chars()
Oct 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-61911
MEDIUM
python-ldap <3.4.5 - Code Injection
Oct 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-61920
HIGH
Authlib < 1.6.5 - Uncontrolled Resource Consumption via Oversized JWS/JWT Segments
Oct 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61783
MEDIUM
Python Social Auth <5.6.0 - Info Disclosure
Oct 09, 2025
EPSS 0.00
CVE-2025-61773
HIGH
pyload-ng < 0.5.0b3.dev91 - Cross-Site Scripting via Captcha Script Endpoint and Click'N'Load Blueprint
Oct 09, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-10284
CRITICAL
BBOT < 2.7.0 - Remote Code Execution via Malicious Archive Extraction
Oct 09, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-10283
CRITICAL
BBOT < 2.7.0 - Remote Code Execution via Git Repository Command Injection
Oct 09, 2025
CVSS 9.6
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21