pypi

4,986 tracked vulnerabilities.

CVE-2025-65719 CRITICAL
Kubectl MCP Server 1.1.1 - Remote Code Execution
May 12, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-55449 HIGH
AstrBotDevs AstrBot 3.5.15 - Auth Bypass
May 08, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-61669 MEDIUM
jupyter_server next parameter open redirect can redirect users to external domains
May 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-67796 HIGH
IKUS Rdiffweb <2.10.5 - Privilege Escalation
May 04, 2026
CVSS 8.1
EPSS 0.00
CVE-2025-13030 HIGH
django-mdeditor < 0.1.20 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload Endpoint
Apr 30, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-62373 CRITICAL
Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer
Apr 23, 2026
CVSS 9.8
EPSS 0.01
CVE-2025-66335 MEDIUM
Apache Doris MCP Server: MCP SQL inject
Apr 20, 2026
CVSS 5.3
EPSS 0.01
CVE-2025-54550 HIGH
Apache Airflow: RCE by race condition in example_xcom dag
Apr 15, 2026
CVSS 8.1
EPSS 0.01
CVE-2025-66236 HIGH
Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI
Apr 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-57735 CRITICAL
Apache Airflow: Airflow Logout Not Invalidating JWT
Apr 09, 2026
CVSS 9.1
EPSS 0.01
CVE-2025-64340 MEDIUM
FastMCP <3.2.0 Gemini CLI Install - Command Injection
Apr 03, 2026
CVSS 6.7
EPSS 0.01
CVE-2025-15379 CRITICAL
Command Injection in mlflow/mlflow
Mar 30, 2026
CVSS 9.8
EPSS 0.02
CVE-2025-15036 CRITICAL
Path Traversal Vulnerability in mlflow/mlflow
Mar 30, 2026
CVSS 10.0
EPSS 0.01
CVE-2025-15381 HIGH
Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow
Mar 27, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-70887 HIGH
Signify <0.9.2 - Privilege Escalation
Mar 25, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-15031 CRITICAL
Path Traversal Vulnerability in mlflow/mlflow
Mar 18, 2026
CVSS 9.1
EPSS 0.01
CVE-2025-69196 MEDIUM
FastMCP OAuth Proxy token reuse across MCP servers
Mar 16, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-14287 HIGH
mlflow/mlflow <3.7.0 - Command Injection
Mar 16, 2026
CVSS 8.8
EPSS 0.01
CVE-2025-69219 HIGH
apache-airflow-providers-http < 6.0.0 - Authenticated Remote Code Execution via Crafted Database Entry
Mar 09, 2026
CVSS 8.8
EPSS 0.01
CVE-2025-45691 HIGH
RAGAS 0.2.3-0.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-69534 HIGH
Python-Markdown < 3.8.1 - Unauthenticated Denial of Service via Malformed HTML-like Sequence
Mar 05, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-27555 MEDIUM
Apache Airflow < 2.11.1 - Authenticated Sensitive Information Exposure in Audit Logs
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-65995 MEDIUM
Airflow <3.1.4/2.11.1 - Info Disclosure
Feb 21, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-14009 HIGH
nltk < 3.9.3 - Remote Code Execution via Malicious Zip Package Extraction
Feb 18, 2026
CVSS 8.8
EPSS 0.01
CVE-2025-33253 HIGH
NVIDIA NeMo Framework <=2.6.1 - Malicious File Deserialization Remote Code Execution
Feb 18, 2026
CVSS 7.8
EPSS 0.00