pypi
4,987 tracked vulnerabilities.
CVE-2025-14692
MEDIUM
Mayan EDMS < 4.10.2 - Open Redirect via Authentication Endpoint
Dec 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-14691
MEDIUM
Mayan EDMS < 4.10.2 - Cross-Site Scripting in Authentication Endpoint
Dec 14, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-14542
HIGH
utcp < 1.1.0 - Trust Boundary Violation via Remote Manual Endpoint
Dec 13, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-13780
CRITICAL
pgAdmin < 9.10 - Remote Code Execution via PLAIN-Format Dump File Restore
Dec 11, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-67720
MEDIUM
Pyrofork < 2.3.69 - Path Traversal via Telegram Media Filename
Dec 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-67644
HIGH
langgraph-checkpoint-sqlite < 3.0.1 - SQL Injection via Metadata Filter Key Interpolation
Dec 11, 2025
CVSS 7.3
EPSS 0.02
CVE-2025-67511
CRITICAL
CAI Framework <= 0.5.9 - Command Injection via run_ssh_command_with_credentials
Dec 11, 2025
CVSS 9.6
EPSS 0.02
CVE-2025-67485
MEDIUM
mad-proxy <= 0.3 - Protection Mechanism Failure
Dec 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-67502
MEDIUM
Taguette < 1.5.2 - Open Redirect via Unvalidated Next Parameter
Dec 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-66645
HIGH
NiceGUI < 3.4.0 - Path Traversal via App.add_media_files()
Dec 09, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-66470
MEDIUM
NiceGUI < 3.4.0 - Stored Cross-Site Scripting via Interactive Image SVG ForeignObject Tag
Dec 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-66469
MEDIUM
NiceGUI < 3.4.0 - Reflected Cross-Site Scripting via CSS/SCSS/SASS Injection
Dec 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-34291
HIGH
KEVNUCLEI
Langflow <= 1.6.9 - Account Takeover and Remote Code Execution via CORS Misconfiguration
Dec 05, 2025
CVSS 8.8
EPSS 0.79
CVE-2025-66471
HIGH
urllib3 1.0-2.5.9 - Denial of Service via Highly Compressed Data Handling
Dec 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-66418
HIGH
urllib3 1.24-2.5.x - Denial of Service via Unbounded Decompression Chain
Dec 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-65958
HIGH
Open WebUI < 0.6.37 - Authenticated Server-Side Request Forgery
Dec 04, 2025
CVSS 8.5
EPSS 0.04
CVE-2025-63681
MEDIUM
open-webui <0.6.33 - Privilege Escalation
Dec 04, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-56427
HIGH
Composio 0.7.20 - Directory Traversal via _download_file_or_dir Function
Dec 04, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-14010
MEDIUM
community.general - Sensitive Credential Exposure via Verbose Debug Output
Dec 04, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-66454
MEDIUM
arcade-mcp < 1.5.4 - Unauthenticated Authentication Bypass via Hardcoded Worker Secret
Dec 02, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66416
HIGH
MCP Python SDK < 1.23.0 - DNS Rebinding Local Server Tool Invocation
Dec 02, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-65896
CRITICAL
long2ice asyncmy < 0.2.10 - SQL Injection via Crafted Dict Keys
Dec 02, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-64460
HIGH
Django 4.2-4.2.26 5.1-5.1.14 5.2a1-5.2.8 - Denial of Service via XML Deserializer
Dec 02, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-13372
MEDIUM
Django 4.2-4.2.26 5.1-5.1.14 5.2a1-5.2.8 - SQL Injection via FilteredRelation Column Aliases
Dec 02, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-65858
LOW
Calibre-Web 0.6.25 - Stored Cross-Site Scripting via Username Field
Dec 02, 2025
CVSS 3.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters