pypi
4,708 tracked vulnerabilities.
CVE-2025-5197
MEDIUM
Hugging Face Transformers < 4.53.0 - Regular Expression Denial of Service in convert_tf_weight_name_to_pt_weight_name
Aug 06, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-54802
CRITICAL
pyload-ng < 0.5.0b3.dev90 - Unauthenticated Path Traversal and Arbitrary File Write via CNL Blueprint Package Parameter
Aug 05, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-54796
HIGH
copyparty < 1.18.9 - Denial of Service via Filter Parameter Regular Expression
Aug 02, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53012
HIGH
MaterialX 1.39.2 - Denial of Service via Nested Import Chain Depth Exhaustion
Aug 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53011
HIGH
MaterialX 1.39.2 - Denial of Service via Malicious MTLX File Parsing
Aug 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53010
HIGH
MaterialX 1.39.2 - Denial of Service via Null Pointer Dereference in MTLX Shader Node Parsing
Aug 01, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53009
HIGH
MaterialX <= 1.39.2 - Stack-based Buffer Overflow in MTLX File Parsing
Aug 01, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-48074
MEDIUM
OpenEXR 3.3.2 - Allocation of Resources Without Limits via Unvalidated DataWindow Size
Aug 01, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-50460
CRITICAL
ms-swift 3.3.0 - Remote Code Execution via Unsafe YAML Deserialization
Aug 01, 2025
CVSS 9.8
EPSS 0.04
CVE-2025-48073
MEDIUM
OpenEXR 3.3.2 - Denial of Service via NULL Pointer Dereference in Deep Scanline Image Processing
Jul 31, 2025
CVSS 6.2
EPSS 0.00
CVE-2025-48072
CRITICAL
OpenEXR 3.3.2 - Heap-Based Buffer Overflow via DWAA-Packed Scan-Line EXR File Decompression
Jul 31, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-48071
HIGH
OpenEXR 3.3.0-3.3.2 - Heap-based Buffer Overflow via ZIPS-packed Deep Scan-line EXR Chunk Header
Jul 31, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-54589
MEDIUM
NUCLEI
copyparty < 1.18.7 - Reflected Cross-Site Scripting via Recent Uploads Filter Parameter
Jul 31, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-54433
HIGH
Bugsink < 1.4.3, 1.5.0-1.5.4, 1.6.0-1.6.3, 1.7.0-1.7.3 - Path Traversal and Arbitrary File Write via Untrusted Event ID
Jul 30, 2025
EPSS 0.01
CVE-2025-54381
CRITICAL
BentoML 1.4.0-1.4.19 - Unauthenticated Server-Side Request Forgery via URL-Based File Upload
Jul 29, 2025
CVSS 9.9
EPSS 0.01
CVE-2025-54423
MEDIUM
copyparty <= 1.18.4 - Unauthenticated Stored Cross-Site Scripting via Multimedia Tag Handling
Jul 28, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-5120
CRITICAL
huggingface/smolagents < 1.17.0 - Remote Code Execution via local_python_executor.py Sandbox Escape
Jul 27, 2025
CVSS 10.0
EPSS 0.02
CVE-2025-54413
HIGH
skops < 0.12.0 - Remote Code Execution via MethodNode Inconsistency
Jul 26, 2025
EPSS 0.00
CVE-2025-54412
HIGH
skops < 0.12.0 - Arbitrary Code Execution via OperatorFuncNode Inconsistency
Jul 26, 2025
EPSS 0.00
CVE-2025-7404
CRITICAL
Calibre Web 0.6.24 and Autocaliweb 0.7.0 - Blind OS Command Injection
Jul 24, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-6998
HIGH
Pypi Calibreweb - Denial of Service
Jul 24, 2025
EPSS 0.00
CVE-2025-54365
HIGH
fastapi-guard 3.0.1 - Regular Expression Denial of Service via Script Tag Attribute Bypass
Jul 23, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-50481
MEDIUM
Mezzanine CMS 6.1.0 - Stored Cross-Site Scripting via Blog Post Injection
Jul 23, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-54140
HIGH
pyload-ng 0.5.0b3.dev89 - Authenticated Path Traversal and Arbitrary File Write via /json/upload Endpoint
Jul 22, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-51464
HIGH
aimstack aim 3.28.0 - Stored Cross-Site Scripting via /api/reports Endpoint
Jul 22, 2025
CVSS 8.8
EPSS 0.02
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21