pypi
4,979 tracked vulnerabilities.
CVE-2026-45553
HIGH
NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()
Jun 02, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-5422
HIGH
Path Traversal in jupyter/jupyter
Jun 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-3514
HIGH
Authentication Bypass in prefecthq/prefect
Jun 02, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3198
MEDIUM
Improper Access Control in mlflow/mlflow
Jun 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-10566
MEDIUM
FoundationAgents MetaGPT schema.py Message.check_instruct_content deserialization
Jun 02, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-25879
CRITICAL
Langroid < 0.63.0 - SQL Injection via LLM Prompt Injection
Jun 01, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-10300
LOW
SGLang 0.5.10.post1 - Reachable Assertion via lora_path Argument
Jun 01, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-45727
HIGH
CloakBrowser < 0.3.28 - Unauthenticated Path Traversal and Arbitrary Directory Deletion via Fingerprint Parameter
Jun 01, 2026
EPSS 0.00
CVE-2026-8643
MEDIUM
pip can extract console_scripts and gui_scripts outside installation directory
Jun 01, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-49298
HIGH
Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
Jun 01, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-49267
MEDIUM
Apache Airflow: No certificate validation on SMTP STARTTLS connections
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-48726
MEDIUM
Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-46764
MEDIUM
Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-45426
LOW
Apache Airflow Log Server - JWT Authorization Bypass
Jun 01, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-45360
HIGH
Apache Airflow: Arbitrary import in custom deadline-reference deserialization
Jun 01, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-42360
MEDIUM
Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42359
HIGH
Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator
Jun 01, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-42358
MEDIUM
Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42252
CRITICAL
Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern
Jun 01, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-41084
HIGH
Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation
Jun 01, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41017
MEDIUM
Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy
Jun 01, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41014
MEDIUM
Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints
Jun 01, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-40963
LOW
Apache Airflow: DAG authorization bypass on /ui/structure/structure_data
Jun 01, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-40961
HIGH
Apache Airflow: Open Redirect Bypass Vulnerability
Jun 01, 2026
CVSS 7.2
EPSS 0.01
CVE-2026-40861
MEDIUM
Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler
Jun 01, 2026
CVSS 6.5
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters