pypi
4,708 tracked vulnerabilities.
CVE-2025-55178
MEDIUM
Llama Stack < 0.2.20 - Remote Code Execution via Unverified Parameters in resolve_ast_by_type
Sep 24, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-8869
MEDIUM
pip < 25.3 - Directory Traversal via Symbolic Link Handling in Tar Extraction
Sep 24, 2025
EPSS 0.00
CVE-2025-6921
HIGH
huggingface/transformers < 4.53.0 - Regular Expression Denial of Service in AdamWeightDecay Optimizer
Sep 23, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59420
HIGH
Authlib < 1.6.4 - Insufficient Verification of Data Authenticity via Critical Header Parameter Bypass
Sep 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-6544
CRITICAL
h2oai/h2o-3 <= 3.46.0.8 - Remote Code Execution via JDBC Connection Parameter Deserialization
Sep 21, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-9906
HIGH
Keras 3.0.0-3.10.9 - Remote Code Execution via Model.load_model Deserialization
Sep 19, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-9905
HIGH
Keras 3.0.0 to 3.11.3 HDF5 Model Load - Python Code Execution
Sep 19, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-6237
CRITICAL
invokeai < 6.7.0 - Path Traversal and Arbitrary File Deletion via Image Download Endpoint
Sep 18, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-10157
HIGH
mmaitre314 picklescan <=0.0.30 - Auth Bypass
Sep 17, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-10156
CRITICAL
mmaitre314 picklescan < 0.0.31 - Security Scan Bypass via Malformed ZIP CRC
Sep 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-10155
HIGH
picklescan <= 0.0.30 - Remote Code Execution via PyTorch File Extension Bypass
Sep 17, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-59377
LOW
feisky mcp-kubernetes-server <= 0.1.11 - OS Command Injection via /mcp/kubectl Endpoint
Sep 15, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-59376
LOW
feisky mcp-kubernetes-server < 0.1.11 - Command Injection via Chained Command Bypass
Sep 15, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-6051
MEDIUM
Hugging Face Transformers <4.52.4 - DoS
Sep 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-6638
HIGH
Hugging Face Transformers < 4.53.0 - Regular Expression Denial of Service in MarianTokenizer
Sep 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58065
MEDIUM
Flask-AppBuilder < 4.8.1 - Improper Authentication via Password Reset Endpoint
Sep 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-10193
HIGH
Neo4j Cypher MCP server 0.2.2-0.3.0 - DNS Rebinding Attack via Same-Origin Policy Bypass
Sep 11, 2025
EPSS 0.00
CVE-2025-59035
MEDIUM
Indico < 3.3.8 - Cross-Site Scripting in LaTeX Math Renderer
Sep 10, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-59034
MEDIUM
Indico < 3.3.8 - Unauthenticated User Profile Information Disclosure via Legacy API
Sep 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-59042
HIGH
PyInstaller < 6.0.0 - Unauthenticated Arbitrary Code Execution via Malicious Directory Creation
Sep 09, 2025
EPSS 0.00
CVE-2025-59036
MEDIUM
Infrahub <1.3.9-1.4.5 - Auth Bypass
Sep 09, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-58753
HIGH
Copyparty <1.19.8 - Info Disclosure
Sep 09, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58180
HIGH
OctoPrint <= 1.11.2 - Authenticated OS Command Injection via Crafted Filename in Event Handler
Sep 09, 2025
CVSS 8.8
EPSS 0.02
CVE-2025-10164
HIGH
sglang - Remote Code Execution via Pickle Deserialization
Sep 09, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-58757
HIGH
MONAI < 1.5.0 - Remote Code Execution via Pickle Deserialization
Sep 09, 2025
CVSS 8.8
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21
Quick Filters