pypi
4,707 tracked vulnerabilities.
CVE-2026-42304
HIGH
Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44364
CRITICAL
misp-modules website - Missing CSRF protection in the website home blueprint
May 13, 2026
EPSS 0.00
CVE-2026-44363
MEDIUM
Unsafe remote resource fetching in expansion misp-modules
May 13, 2026
EPSS 0.00
CVE-2026-42032
CRITICAL
CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`
May 13, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-42031
CRITICAL
NUCLEI
CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`
May 13, 2026
CVSS 9.8
EPSS 0.14
CVE-2026-41255
MEDIUM
CKAN: CSRF exemption primed by anonymous requests
May 13, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-41132
HIGH
CKAN: No certificate validation on SMTP connection
May 13, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-44432
HIGH
urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44431
MEDIUM
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
May 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-42557
HIGH
jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content
May 13, 2026
EPSS 0.00
CVE-2026-42266
HIGH
jupyterlab: Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.
May 13, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44307
HIGH
Mako: Path traversal via backslash URI on Windows in TemplateLookup
May 12, 2026
EPSS 0.00
CVE-2026-44305
MEDIUM
Lemur: LDAP TLS certificate verification globally disabled enables credential interception
May 12, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-44304
HIGH
Lemur: LDAP Filter Injection enables post-authentication privilege escalation
May 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-43948
CRITICAL
wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
May 12, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-42545
MEDIUM
Granian: DoS via WSGI response header panic
May 12, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-42544
HIGH
Granian: Unauthenticated DoS via WebSocket subprotocol header panic
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42196
CRITICAL
django-s3file: Relative path traversal
May 12, 2026
EPSS 0.00
CVE-2026-44223
MEDIUM
vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44222
MEDIUM
vLLM: Remote DoS via Special-Token Placeholders
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44220
LOW
ciguard: discover_pipeline_files follows symlinks out of scan root
May 12, 2026
CVSS 3.2
EPSS 0.00
CVE-2026-44219
LOW
ciguard: SCA HTTP client reads response body without size cap
May 12, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-44218
LOW
ciguard: Container image runs as root (no USER directive)
May 12, 2026
CVSS 3.0
EPSS 0.00
CVE-2026-43891
HIGH
changedetection.io: Arbitrary Local File Read via crafted backup restore
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42303
MEDIUM
Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
May 12, 2026
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21