pypi

4,987 tracked vulnerabilities.

CVE-2025-68478 HIGH
langflow < 1.7.0 - Arbitrary File Write via Unrestricted fs_path Parameter
Dec 19, 2025
CVSS 7.1
EPSS 0.04
CVE-2025-68477 HIGH
Langflow < 1.7.0 - Server-Side Request Forgery via API Request Component
Dec 19, 2025
CVSS 7.7
EPSS 0.06
CVE-2025-14882 LOW
pretix 2025.10.0 - Authorization Bypass via File UUID
Dec 19, 2025
EPSS 0.00
CVE-2025-14881 LOW
pretix 1.0.0-2025.10.0 - Authorization Bypass via File UUID Access
Dec 19, 2025
EPSS 0.00
CVE-2025-14546 MEDIUM
fastapi-sso < 0.19.0 - Cross-Site Request Forgery via OAuth State Parameter
Dec 19, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-68398 CRITICAL
Weblate < 5.15.1 - Path Traversal via Git Configuration Overwrite
Dec 18, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-68279 HIGH
Weblate < 5.15.1 - Path Traversal via Crafted Symbolic Links
Dec 18, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-68463 MEDIUM
Biopython < 1.86 - XML External Entity Injection in Bio.Entrez
Dec 18, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-68145 CRITICAL
mcp-server-git < 2025.12.17 - Path Traversal via Repository Path Validation Bypass
Dec 17, 2025
CVSS 9.1
EPSS 0.06
CVE-2025-68144 HIGH
mcp-server-git <2025.12.17 - Code Injection
Dec 17, 2025
CVSS 7.1
EPSS 0.07
CVE-2025-68143 HIGH
Model Context Protocol Servers < 2025.9.25 - Path Traversal via git_init Tool
Dec 17, 2025
CVSS 8.8
EPSS 0.08
CVE-2025-53000 HIGH
jupyter/nbconvert <= 7.16.6 - Unauthenticated Remote Code Execution via SVG to PDF Conversion
Dec 17, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-67895 CRITICAL
Apache Airflow Providers Edge3 < 2.0.0 - Remote Code Execution via Edge3 Worker RPC
Dec 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-68146 MEDIUM
filelock < 3.20.1 - Time-of-Check-Time-of-Use Race Condition via Symlink Attack
Dec 16, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-68142 MEDIUM
PyMdown Extensions < 10.16.1 - Denial of Service via Figure Caption Extension ReDOS
Dec 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-68113 MEDIUM
ALTCHA Libraries - Cryptographic Semantic Binding Flaw via HMAC Signature Reinterpretation
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-67748 HIGH
fickling < 0.1.6 - Unsafe Pickle Misclassification via pty Module Import Bypass
Dec 16, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-67747 HIGH
fickling < 0.1.6 - Arbitrary Code Execution via Marshal and Types Module Bypass
Dec 16, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-67715 MEDIUM
Weblate < 5.15 - Unauthenticated User Information Disclosure via API
Dec 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-67492 MEDIUM
Weblate < 5.15 - Unauthenticated Repository Update Trigger via Webhook Payload
Dec 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-66407 MEDIUM
Weblate < 5.15 - Server-Side Request Forgery via Mercurial Repository URL
Dec 16, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-64725 CRITICAL
Weblate < 5.15 - Incorrect User Management via Invitation Acceptance
Dec 15, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-65431 MEDIUM
allauth < 65.13.0 - Improper Authentication via Mutable preferred_username Identifier
Dec 15, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-65430 MEDIUM
allauth < 65.13.0 - Insufficient Session Expiration
Dec 15, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-66388 MEDIUM
Apache Airflow <3.1.4 - Info Disclosure
Dec 15, 2025
CVSS 6.5
EPSS 0.00