pypi

4,987 tracked vulnerabilities.

CVE-2025-66448 HIGH
vllm < 0.11.1 - Remote Code Execution via Nemotron_Nano_VL_Config Auto-Map Instantiation
Dec 01, 2025
CVSS 7.1
EPSS 0.01
CVE-2025-66424 MEDIUM
Tryton trytond <7.6.11 - Info Disclosure
Nov 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66423 HIGH
Tryton trytond <6.0-7.6.11 - Info Disclosure
Nov 30, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-66422 MEDIUM
Tryton trytond <7.6.11 - Info Disclosure
Nov 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-66221 MEDIUM
Werkzeug < 3.1.4 - Denial of Service via Windows Device Name Path Handling
Nov 29, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-66034 MEDIUM
fonttools 4.33.0-4.60.1 - Remote Code Execution via Malicious .designspace File Processing
Nov 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-12638 HIGH
Keras < 3.12.0 - Path Traversal and Arbitrary File Write via tarfile.extractall()
Nov 28, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-66371 MEDIUM
Peppol-py < 1.1.1 - XML External Entity Injection via Saxon Configuration
Nov 28, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-13742 MEDIUM
pretix < 2025.7.2 - Email Content Spoofing via Attendee Name Placeholder
Nov 27, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-66040 LOW
Spotipy < 2.25.2 - Cross-Site Scripting via OAuth Error Parameter
Nov 27, 2025
CVSS 3.6
EPSS 0.00
CVE-2025-62593 CRITICAL
Ray < 2.52.0 - Remote Code Execution via DNS Rebinding and User-Agent Spoofing
Nov 26, 2025
EPSS 0.00
CVE-2025-65681 LOW
Overhang.IO <20.0.2 - Info Disclosure
Nov 26, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-66019 MEDIUM
pypdf < 6.4.0 - Uncontrolled Resource Consumption via LZWDecode Filter
Nov 26, 2025
EPSS 0.00
CVE-2025-62703 HIGH
Fugue < 0.9.1 - Remote Code Execution via Pickle Deserialization
Nov 25, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-13609 HIGH
Keylime < 7.13.0 - Agent Identity Overwrite via Duplicate UUID Registration
Nov 24, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-65106 HIGH
langchain-core 1.0.0-1.0.6 - Template Injection via Untrusted Template Strings
Nov 21, 2025
EPSS 0.00
CVE-2025-62609 HIGH
MLX < 0.29.4 - Denial of Service via Malicious GGUF File Loading
Nov 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62608 CRITICAL
MLX < 0.29.4 - Heap-based Buffer Overflow in NumPy File Parser
Nov 21, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-62426 MEDIUM
vLLM 0.5.5-0.11.1 - Denial of Service via Unvalidated chat_template_kwargs Parameter
Nov 21, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-62372 MEDIUM
vLLM 0.5.5-0.11.1 - Denial of Service via Multimodal Embedding Input Shape Mismatch
Nov 21, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-62164 HIGH
vLLM 0.10.2-0.11.1 - Remote Code Execution via Malicious Prompt Embedding Tensors
Nov 21, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-65015 HIGH
joserfc 1.3.3-1.3.4 and 1.4.0-1.4.1 - Denial of Service via Large JWT Payload
Nov 18, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-60455 HIGH
Modular Max Serve <25.6 - Code Injection
Nov 18, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-65073 HIGH
OpenStack Keystone < 26.0.1, 27.0.0, 28.0.0 - Incorrect Authorization via AWS Signature
Nov 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-12765 HIGH
pgAdmin <= 9.9 - Improper Certificate Validation in LDAP Authentication
Nov 13, 2025
CVSS 7.5
EPSS 0.00