pypi

4,979 tracked vulnerabilities.

CVE-2026-45553 HIGH
NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
Jun 02, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-5422 HIGH
Path Traversal in jupyter/jupyter
Jun 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-3514 HIGH
Authentication Bypass in prefecthq/prefect
Jun 02, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3198 MEDIUM
Improper Access Control in mlflow/mlflow
Jun 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-10566 MEDIUM
FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization
Jun 02, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-25879 CRITICAL
Langroid < 0.63.0 - SQL Injection via LLM Prompt Injection
Jun 01, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-10300 LOW
SGLang 0.5.10.post1 - Reachable Assertion via lora_path Argument
Jun 01, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-45727 HIGH
CloakBrowser < 0.3.28 - Unauthenticated Path Traversal and Arbitrary Directory Deletion via Fingerprint Parameter
Jun 01, 2026
EPSS 0.00
CVE-2026-8643 MEDIUM
pip can extract console_scripts and gui_scripts outside installation directory
Jun 01, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-49298 HIGH
Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
Jun 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-49267 MEDIUM
Apache Airflow: No certificate validation on SMTP STARTTLS connections
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-48726 MEDIUM
Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-46764 MEDIUM
Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45426 LOW
Apache Airflow Log Server - JWT Authorization Bypass
Jun 01, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-45360 HIGH
Apache Airflow: Arbitrary import in custom deadline-reference deserialization
Jun 01, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-42360 MEDIUM
Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42359 HIGH
Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator
Jun 01, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-42358 MEDIUM
Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42252 CRITICAL
Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern
Jun 01, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-41084 HIGH
Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation
Jun 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41017 MEDIUM
Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41014 MEDIUM
Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-40963 LOW
Apache Airflow: DAG authorization bypass on /ui/structure/structure_data
Jun 01, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-40961 HIGH
Apache Airflow: Open Redirect Bypass Vulnerability
Jun 01, 2026
CVSS 7.2
EPSS 0.01
CVE-2026-40861 MEDIUM
Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler
Jun 01, 2026
CVSS 6.5
EPSS 0.01