pypi
4,986 tracked vulnerabilities.
CVE-2026-22584
CRITICAL
Salesforce Uni2TS <= 1.2.0 - Code Injection via Executable Code in Non-Executable Files
Jan 09, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-21860
MEDIUM
Werkzeug < 3.1.5 - Path Traversal via Windows Device Name Bypass
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22041
MEDIUM
Logging Redactor <0.0.6 - Type Error
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21892
MEDIUM
Parsl < 2026.01.05 - Unauthenticated SQL Injection via Workflow ID Parameter
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21874
MEDIUM
NiceGUI 2.10.0-3.4.1 - Unauthenticated Resource Exhaustion via Redis Connection Leak
Jan 08, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-21873
HIGH
NiceGUI 2.22.0-3.4.1 - Cross-Site Scripting via Pushstate Event Listener
Jan 08, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-21872
MEDIUM
NiceGUI 2.22.0-3.4.1 - Stored Cross-Site Scripting via Sub-Page Click Event Listener
Jan 08, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21871
MEDIUM
NiceGUI 2.13.0-3.4.1 - Cross-Site Scripting via History API Navigation Helpers
Jan 08, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21883
MEDIUM
Bokeh < 3.8.2 - WebSocket Hijacking via Flawed Origin Validation
Jan 08, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-21851
MEDIUM
MONAI <= 1.5.1 - Path Traversal via _download_from_ngc_private() Zip Slip
Jan 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21441
HIGH
urllib3 1.22-2.6.2 - Denial of Service via HTTP Redirect Response Decompression
Jan 07, 2026
CVSS 7.5
EPSS 0.03
CVE-2026-21439
MEDIUM
badkeys < 0.0.16 - Terminal Output Injection via ANSI Escape Sequences
Jan 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21445
CRITICAL
NUCLEI
Langflow < 1.7.1 - Unauthenticated Sensitive Data Exposure and Destructive Operations via API Endpoints
Jan 02, 2026
CVSS 9.1
EPSS 0.21
CVE-2025-71361
HIGH
picklescan - Remote Code Execution via Undetected idlelib.calltip.Calltip.fetch_tip
Jun 24, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71354
HIGH
picklescan - Remote Code Execution via idlelib.debugobj.ObjectTreeItem.SetText
Jun 24, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71358
HIGH
picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity
Jun 22, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71344
HIGH
picklescan - Arbitrary Code Execution via Undetected ensurepip._run_pip Function
Jun 22, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71339
HIGH
Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget
Jun 22, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71325
CRITICAL
picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw
Jun 17, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-71323
CRITICAL
picklescan - Remote Code Execution via Unblocked ctypes Module
Jun 17, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-71322
HIGH
PickleScan - Unsafe Globals Check Bypass via pty.spawn Function
Jun 17, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-71321
CRITICAL
picklescan - Arbitrary File Writing via distutils Module Bypass
Jun 17, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-71320
CRITICAL
picklescan - Remote Code Execution via Incomplete Disallowed Inputs
Jun 17, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-26240
HIGH
JazzCore python-pdfkit 1.0.0 - Remote Code Execution via from_string JavaScript Injection
Jun 17, 2026
CVSS 8.4
EPSS 0.00
CVE-2025-51427
HIGH
ModelScope 1.25.0 - Remote Code Execution via Crafted Module in Configuration File
May 19, 2026
CVSS 7.3
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters