pypi
4,708 tracked vulnerabilities.
CVE-2025-22241
MEDIUM
Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Path Traversal in VirtKey Class
Jun 13, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-22240
MEDIUM
Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Arbitrary File Deletion via GitFS find_file Method
Jun 13, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-22239
HIGH
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Arbitrary Event Injection via _minion_event Method
Jun 13, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-22238
MEDIUM
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Path Traversal and Arbitrary File Write in Minion File Cache
Jun 13, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-22237
MEDIUM
SaltStack <version> - Command Injection
Jun 13, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-22236
HIGH
Salt 3007.0-3007.3 and 3006.0-3006.11 - Minion Event Bus Authorization Bypass
Jun 13, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-43866
HIGH
vantage6 < 4.11.0 - Use of Insufficiently Random Values for JWT Secret Key
Jun 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-43863
CRITICAL
vantage6 < 4.11.0 - Authenticated Password Brute-Force via Change Password Functionality
Jun 12, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-49143
MEDIUM
Nautobot < 1.6.32 - Unauthenticated Exposure of Sensitive Information via MEDIA_ROOT URL Endpoint
Jun 10, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-49142
HIGH
Nautobot <2.4.10-1.6.32 - Code Injection
Jun 10, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-48879
MEDIUM
OctoPrint <= 1.11.1 - Unauthenticated Denial of Service via Malformed Multipart Form Data
Jun 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48067
MEDIUM
OctoPrint <1.11.1 - Info Disclosure
Jun 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-49653
HIGH
BackendAI - Exposure of Sensitive Information in Active Sessions
Jun 09, 2025
CVSS 8.0
EPSS 0.00
CVE-2025-49652
CRITICAL
BackendAI < 25.15.6 - Unauthenticated User Registration Bypass
Jun 09, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-49651
HIGH
BackendAI - Unauthenticated Session Takeover via Missing Authorization
Jun 09, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-49619
HIGH
Skyvern SSTI Remote Code Execution
Jun 07, 2025
CVSS 8.5
EPSS 0.74
CVE-2025-1793
CRITICAL
run-llama/llama_index <v0.12.21 - SQL Injection
Jun 05, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-48432
MEDIUM
Django <5.2.3-4.2.23 - Info Disclosure
Jun 05, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-30167
HIGH
Jupyter Core <5.8.0 - Info Disclosure
Jun 03, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-48995
MEDIUM
SignXML < 4.0.4 - Observable Timing Discrepancy in HMAC Verification
Jun 02, 2025
EPSS 0.00
CVE-2025-48994
MEDIUM
SignXML <4.0.4 - Algorithm Confusion
Jun 02, 2025
EPSS 0.00
CVE-2025-48957
HIGH
AstrBot 3.4.4-3.5.12 - Path Traversal and Information Disclosure via Dashboard Feature
Jun 02, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-48944
MEDIUM
vLLM 0.8.0-0.9.0 - Denial of Service via Malformed Tools Input
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48943
MEDIUM
vLLM 0.8.0-0.8.9 - Denial of Service via Invalid Regex in Structured Output
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48942
MEDIUM
vllm 0.8.0-0.9.0 - Denial of Service via Invalid JSON Schema in /v1/completions API
May 30, 2025
CVSS 6.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21