pypi
4,708 tracked vulnerabilities.
CVE-2025-10282
MEDIUM
BBOT - Exposure of Sensitive Information via GitLab Module
Oct 09, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-10281
MEDIUM
BBOT < 2.7.0 - Unauthenticated GitHub API Key Exposure via Malicious Git URL
Oct 09, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-61672
MEDIUM
Synapse < 1.138.3 and 1.139.0 - Federation Degradation via Device Key Validation Bypass
Oct 08, 2025
EPSS 0.00
CVE-2025-6242
HIGH
vLLM MediaConnector - Multimodal URL Server-Side Request Forgery
Oct 07, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-61784
HIGH
llama-factory < 0.9.4 - SSRF and LFI via _process_request
Oct 07, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-59425
HIGH
vllm < 0.11.0 - Timing Attack via API Key Validation
Oct 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-6985
HIGH
langchain-text-splitters < 0.3.9 - XML External Entity Injection via HTMLSectionSplitter XSLT Parsing
Oct 06, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61765
MEDIUM
python-socketio < 5.14.0 - Remote Code Execution via Pickle Deserialization
Oct 06, 2025
CVSS 6.4
EPSS 0.01
CVE-2025-59152
HIGH
Litestar 2.17.0 - Rate Limit Bypass via X-Forwarded-For Header Manipulation
Oct 06, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-8917
MEDIUM
clearml < 2.0.2 - Path Traversal and Arbitrary File Write via Symbolic and Hard Link Handling
Oct 05, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-8406
HIGH
ZenML 0.83.1 - Path Traversal and Arbitrary File Write via PathMaterializer
Oct 05, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-61677
LOW
DataChain < 0.34.2 - Remote Code Execution via Untrusted Data Deserialization
Oct 03, 2025
CVSS 2.5
EPSS 0.00
CVE-2025-53354
MEDIUM
NiceGUI < 3.0.0 - Cross-Site Scripting via ui.html()
Oct 03, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-60787
HIGH
MotionEye <= 0.43.1b4 - Authenticated Configuration Command Injection
Oct 03, 2025
CVSS 7.2
EPSS 0.58
CVE-2025-59682
LOW
Django 4.2-4.2.24, 5.1-5.1.12, 5.2-5.2.6 - Relative Path Traversal via Archive Extraction
Oct 01, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-59681
HIGH
Django 4.2-4.2.24, 5.1-5.1.12, 5.2-5.2.6 - SQL Injection via Column Alias Dictionary Expansion
Oct 01, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-57275
MEDIUM
SPDK < 25.9 - Buffer Overflow in NVMe-oF Target Component
Oct 01, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-61622
CRITICAL
pyfory 0.12.0-0.12.2 and pyfury 0.1.0-0.10.3 - Remote Code Execution via Pickle Deserialization
Oct 01, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-59940
MEDIUM
mkdocs-include-markdown-plugin < 7.1.8 - Improper Input Validation
Sep 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-7647
HIGH
Llama-index-core < 0.12.44 - Info Disclosure
Sep 27, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-59842
MEDIUM
JupyterLab < 4.4.8 - Info Disclosure
Sep 26, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-54831
MEDIUM
Apache Airflow < 3.0.3 - Info Disclosure
Sep 26, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-10952
MEDIUM
geyang ml-logger < acf255b - Sensitive Information Exposure via stream_handler
Sep 25, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-10951
HIGH
geyang ml-logger - Path Traversal via File Argument in log_handler
Sep 25, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-10950
MEDIUM
geyang ml-logger < acf255bade5be6ad88d90735c8367b28cbe3a743 - Remote Code Execution via Deserialization in Ping Handler
Sep 25, 2025
CVSS 6.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21