pypi

4,986 tracked vulnerabilities.

CVE-2025-15504 LOW
LIEF < 0.17.2 - Null Pointer Dereference in ELF Binary Parser
Jan 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2025-68158 MEDIUM
Authlib 1.0.0-1.6.5 - Cross-Site Request Forgery via Cache-Backed State Storage
Jan 08, 2026
CVSS 5.7
EPSS 0.00
CVE-2025-15346 CRITICAL
wolfssl-py <= 5.8.2 - Improper Authentication via Missing WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT Flag
Jan 08, 2026
EPSS 0.00
CVE-2025-61492 CRITICAL
Terminal-Controller-MCP 0.1.7 - Command Injection
Jan 07, 2026
CVSS 10.0
EPSS 0.02
CVE-2025-69230 MEDIUM
aiohttp < 3.13.3 - Logging of Excessive Data via Cookie Header
Jan 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-69229 MEDIUM
aiohttp < 3.13.3 - Denial of Service via Chunked Message Handling
Jan 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-69228 HIGH
aiohttp < 3.13.3 - Denial of Service via Request.post() Memory Exhaustion
Jan 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-69227 HIGH
aiohttp < 3.13.3 - Denial of Service via POST Body Processing
Jan 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-69225 MEDIUM
aiohttp < 3.13.3 - HTTP Request Smuggling via Range Header
Jan 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-69226 MEDIUM
aiohttp < 3.13.3 - Path Traversal in Static File Path Normalization
Jan 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-69224 MEDIUM
aiohttp < 3.13.3 - HTTP Request Smuggling via Non-ASCII Character Bypass
Jan 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-69223 HIGH
aiohttp < 3.13.3 - Denial of Service via Zip Bomb Decompression
Jan 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-67303 HIGH NUCLEI
ComfyUI-Manager <3.38 - Info Disclosure
Jan 05, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-11157 HIGH
feast < 0.54.0 - Remote Code Execution via YAML Deserialization in Kubernetes Materializer
Jan 01, 2026
CVSS 7.8
EPSS 0.00
CVE-2025-34469 HIGH
Cowrie < 2.9.0 - Unauthenticated Server-Side Request Forgery via wget and curl Emulation
Dec 31, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-69277 MEDIUM
libsodium <ad3004e - Memory Corruption
Dec 31, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-68131 HIGH
cbor2 3.0.0-5.7.9 - Information Exposure via Shared Reference Tag
Dec 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-67729 HIGH
LMDeploy < 0.11.1 - Remote Code Execution via Insecure PyTorch Model Deserialization
Dec 26, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-68664 CRITICAL
LangChain <0.3.81 and 1.2.5 - Code Injection
Dec 23, 2025
CVSS 9.3
EPSS 0.14
CVE-2025-14931 CRITICAL
Hugging Face smolagents - Deserialization
Dec 23, 2025
CVSS 10.0
EPSS 0.01
CVE-2025-65713 MEDIUM
Home Assistant Core <2025.8.0 - Path Traversal
Dec 23, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-67743 MEDIUM
local-deep-research 1.3.0-1.3.8 - Server-Side Request Forgery via Download Service
Dec 23, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-68480 MEDIUM
marshmallow 3.0.0rc1-3.26.1 and 4.0.0-4.1.1 - Denial of Service via Schema.load
Dec 22, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-68481 MEDIUM
fastapi-users < 15.0.2 - Login Cross-Site Request Forgery via OAuth State Token
Dec 19, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-68478 HIGH
langflow < 1.7.0 - Arbitrary File Write via Unrestricted fs_path Parameter
Dec 19, 2025
CVSS 7.1
EPSS 0.04