pypi

4,987 tracked vulnerabilities.

CVE-2025-12764 HIGH
pgAdmin <= 9.9 - LDAP Injection via Username Parameter
Nov 13, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-12763 MEDIUM
pgAdmin 4 < 9.10 - OS Command Injection via Backup and Restore File Path
Nov 13, 2025
CVSS 6.8
EPSS 0.01
CVE-2025-12762 CRITICAL
pgAdmin 4 < 9.10 - Remote Code Execution via PLAIN-format Dump File Restore
Nov 13, 2025
CVSS 9.1
EPSS 0.12
CVE-2025-64512 HIGH
pdfminer.six < 20251107 - Remote Code Execution via Malicious Pickle File Deserialization
Nov 10, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-64509 HIGH
Bugsink < 2.0.6 - Denial of Service via Brotli Decompression
Nov 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64508 HIGH
Bugsink < 2.0.5 - Denial of Service via Brotli Decompression Bomb
Nov 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64183 HIGH
OpenEXR 3.2.0-3.2.4 3.3.0-3.3.5 3.4.0-3.4.2 - Use-After-Free in PyObject_StealAttrString
Nov 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64182 HIGH
OpenEXR 3.2.0-3.2.4 3.3.0-3.3.5 3.4.0-3.4.2 - Heap Overflow via Legacy Python InputFile Wrapper
Nov 10, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-64181 HIGH
OpenEXR 3.3.0-3.3.5 3.4.0-3.4.2 - Use of Uninitialized Variable in generic_unpack
Nov 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62780 LOW NUCLEI
changedetection.io < 0.50.34 - Stored Cross-Site Scripting via Watch Update API
Nov 10, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-12967 HIGH
AWS Wrappers for Amazon Aurora PostgreSQL - Privilege Escalation
Nov 10, 2025
CVSS 8.0
EPSS 0.00
CVE-2025-64496 HIGH
Open WebUI < 0.6.35 - Remote Code Execution via Direct Connections SSE Event Injection
Nov 08, 2025
CVSS 7.3
EPSS 0.08
CVE-2025-64495 HIGH
Open WebUI < 0.6.35 - Stored Cross-Site Scripting via Rich Text Prompt Insertion
Nov 08, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-64481 LOW
Datasette < 0.65.2 and 1.0a0-1.0a19 - Open Redirect via Double Slash Path
Nov 07, 2025
EPSS 0.00
CVE-2025-64439 HIGH
langgraph-checkpoint < 3.0.0 - Remote Code Execution via JsonPlusSerializer Deserialization
Nov 07, 2025
EPSS 0.01
CVE-2025-57697 MEDIUM
AstrBot 3.5.22 - Arbitrary File Read via _encode_image_bs64 Function
Nov 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57698 HIGH
AstrBot 3.5.22 - Path Traversal via Plugin Install-Upload Filename Handling
Nov 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-64187 MEDIUM
OctoPrint < 1.11.4 - Stored Cross-Site Scripting via Action Command Notifications
Nov 07, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-64184 HIGH
Dosage < 3.2 - Path Traversal via HTTP Content-Type Header
Nov 07, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-64326 LOW
Weblate < 5.14.1 - IP Address Exposure in Audit Log
Nov 06, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-64459 CRITICAL
Django 4.2-4.2.25 5.1-5.1.13 5.2a1-5.2.7 - SQL Injection via QuerySet Dictionary Expansion
Nov 05, 2025
CVSS 9.1
EPSS 0.19
CVE-2025-64458 HIGH
Django 4.2-4.2.25, 5.1-5.1.13, 5.2-5.2.7 - Denial of Service via NFKC Unicode Normalization
Nov 05, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-58337 MEDIUM
Doris MCP Server <0.6.0 - Auth Bypass
Nov 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-12695 MEDIUM
DSPy - Arbitrary File Read via PythonInterpreter Sandbox Escape
Nov 04, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-64168 HIGH
Agno 2.0.0-2.2.1 - Unprotected User Data Exposure via Session State Race Condition
Oct 31, 2025
CVSS 7.1
EPSS 0.00