pypi
4,987 tracked vulnerabilities.
CVE-2025-12764
HIGH
pgAdmin <= 9.9 - LDAP Injection via Username Parameter
Nov 13, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-12763
MEDIUM
pgAdmin 4 < 9.10 - OS Command Injection via Backup and Restore File Path
Nov 13, 2025
CVSS 6.8
EPSS 0.01
CVE-2025-12762
CRITICAL
pgAdmin 4 < 9.10 - Remote Code Execution via PLAIN-format Dump File Restore
Nov 13, 2025
CVSS 9.1
EPSS 0.12
CVE-2025-64512
HIGH
pdfminer.six < 20251107 - Remote Code Execution via Malicious Pickle File Deserialization
Nov 10, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-64509
HIGH
Bugsink < 2.0.6 - Denial of Service via Brotli Decompression
Nov 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64508
HIGH
Bugsink < 2.0.5 - Denial of Service via Brotli Decompression Bomb
Nov 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64183
HIGH
OpenEXR 3.2.0-3.2.4 3.3.0-3.3.5 3.4.0-3.4.2 - Use-After-Free in PyObject_StealAttrString
Nov 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-64182
HIGH
OpenEXR 3.2.0-3.2.4 3.3.0-3.3.5 3.4.0-3.4.2 - Heap Overflow via Legacy Python InputFile Wrapper
Nov 10, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-64181
HIGH
OpenEXR 3.3.0-3.3.5 3.4.0-3.4.2 - Use of Uninitialized Variable in generic_unpack
Nov 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62780
LOW
NUCLEI
changedetection.io < 0.50.34 - Stored Cross-Site Scripting via Watch Update API
Nov 10, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-12967
HIGH
AWS Wrappers for Amazon Aurora PostgreSQL - Privilege Escalation
Nov 10, 2025
CVSS 8.0
EPSS 0.00
CVE-2025-64496
HIGH
Open WebUI < 0.6.35 - Remote Code Execution via Direct Connections SSE Event Injection
Nov 08, 2025
CVSS 7.3
EPSS 0.08
CVE-2025-64495
HIGH
Open WebUI < 0.6.35 - Stored Cross-Site Scripting via Rich Text Prompt Insertion
Nov 08, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-64481
LOW
Datasette < 0.65.2 and 1.0a0-1.0a19 - Open Redirect via Double Slash Path
Nov 07, 2025
EPSS 0.00
CVE-2025-64439
HIGH
langgraph-checkpoint < 3.0.0 - Remote Code Execution via JsonPlusSerializer Deserialization
Nov 07, 2025
EPSS 0.01
CVE-2025-57697
MEDIUM
AstrBot 3.5.22 - Arbitrary File Read via _encode_image_bs64 Function
Nov 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57698
HIGH
AstrBot 3.5.22 - Path Traversal via Plugin Install-Upload Filename Handling
Nov 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-64187
MEDIUM
OctoPrint < 1.11.4 - Stored Cross-Site Scripting via Action Command Notifications
Nov 07, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-64184
HIGH
Dosage < 3.2 - Path Traversal via HTTP Content-Type Header
Nov 07, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-64326
LOW
Weblate < 5.14.1 - IP Address Exposure in Audit Log
Nov 06, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-64459
CRITICAL
Django 4.2-4.2.25 5.1-5.1.13 5.2a1-5.2.7 - SQL Injection via QuerySet Dictionary Expansion
Nov 05, 2025
CVSS 9.1
EPSS 0.19
CVE-2025-64458
HIGH
Django 4.2-4.2.25, 5.1-5.1.13, 5.2-5.2.7 - Denial of Service via NFKC Unicode Normalization
Nov 05, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-58337
MEDIUM
Doris MCP Server <0.6.0 - Auth Bypass
Nov 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-12695
MEDIUM
DSPy - Arbitrary File Read via PythonInterpreter Sandbox Escape
Nov 04, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-64168
HIGH
Agno 2.0.0-2.2.1 - Unprotected User Data Exposure via Session State Race Condition
Oct 31, 2025
CVSS 7.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters