pypi

4,986 tracked vulnerabilities.

CVE-2026-22584 CRITICAL
Salesforce Uni2TS <= 1.2.0 - Code Injection via Executable Code in Non-Executable Files
Jan 09, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-21860 MEDIUM
Werkzeug < 3.1.5 - Path Traversal via Windows Device Name Bypass
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-22041 MEDIUM
Logging Redactor <0.0.6 - Type Error
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21892 MEDIUM
Parsl < 2026.01.05 - Unauthenticated SQL Injection via Workflow ID Parameter
Jan 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21874 MEDIUM
NiceGUI 2.10.0-3.4.1 - Unauthenticated Resource Exhaustion via Redis Connection Leak
Jan 08, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-21873 HIGH
NiceGUI 2.22.0-3.4.1 - Cross-Site Scripting via Pushstate Event Listener
Jan 08, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-21872 MEDIUM
NiceGUI 2.22.0-3.4.1 - Stored Cross-Site Scripting via Sub-Page Click Event Listener
Jan 08, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21871 MEDIUM
NiceGUI 2.13.0-3.4.1 - Cross-Site Scripting via History API Navigation Helpers
Jan 08, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21883 MEDIUM
Bokeh < 3.8.2 - WebSocket Hijacking via Flawed Origin Validation
Jan 08, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-21851 MEDIUM
MONAI <= 1.5.1 - Path Traversal via _download_from_ngc_private() Zip Slip
Jan 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21441 HIGH
urllib3 1.22-2.6.2 - Denial of Service via HTTP Redirect Response Decompression
Jan 07, 2026
CVSS 7.5
EPSS 0.03
CVE-2026-21439 MEDIUM
badkeys < 0.0.16 - Terminal Output Injection via ANSI Escape Sequences
Jan 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-21445 CRITICAL NUCLEI
Langflow < 1.7.1 - Unauthenticated Sensitive Data Exposure and Destructive Operations via API Endpoints
Jan 02, 2026
CVSS 9.1
EPSS 0.21
CVE-2025-71361 HIGH
picklescan - Remote Code Execution via Undetected idlelib.calltip.Calltip.fetch_tip
Jun 24, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71354 HIGH
picklescan - Remote Code Execution via idlelib.debugobj.ObjectTreeItem.SetText
Jun 24, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71358 HIGH
picklescan - Remote Code Execution via idlelib.autocomplete.AutoComplete.get_entity
Jun 22, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71344 HIGH
picklescan - Arbitrary Code Execution via Undetected ensurepip._run_pip Function
Jun 22, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71339 HIGH
Picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran._eval_length Gadget
Jun 22, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-71325 CRITICAL
picklescan - Detection Bypass via STACK_GLOBAL Opcode Parsing Logic Flaw
Jun 17, 2026
CVSS 9.8
EPSS 0.00
CVE-2025-71323 CRITICAL
picklescan - Remote Code Execution via Unblocked ctypes Module
Jun 17, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-71322 HIGH
PickleScan - Unsafe Globals Check Bypass via pty.spawn Function
Jun 17, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-71321 CRITICAL
picklescan - Arbitrary File Writing via distutils Module Bypass
Jun 17, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-71320 CRITICAL
picklescan - Remote Code Execution via Incomplete Disallowed Inputs
Jun 17, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-26240 HIGH
JazzCore python-pdfkit 1.0.0 - Remote Code Execution via from_string JavaScript Injection
Jun 17, 2026
CVSS 8.4
EPSS 0.00
CVE-2025-51427 HIGH
ModelScope 1.25.0 - Remote Code Execution via Crafted Module in Configuration File
May 19, 2026
CVSS 7.3
EPSS 0.01