pypi
4,708 tracked vulnerabilities.
CVE-2025-48887
MEDIUM
vLLM 0.6.4-0.8.2 - Regular Expression Denial of Service in Pythonic Tool Parser
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48912
MEDIUM
Apache Superset <4.1.2 - Privilege Escalation
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48889
MEDIUM
Gradio < 5.31.0 - Unauthenticated Arbitrary File Copy via Flagging Feature
May 30, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-46722
MEDIUM
vllm 0.7.0-0.8.9 - Hash Collision via Incomplete Image Metadata Serialization
May 29, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-46570
LOW
vllm < 0.9.0 - Observable Timing Discrepancy in PageAttention Prefill
May 29, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-5321
MEDIUM
Aim run_view RestrictedPythonQuery - Remote Privilege Escalation
May 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-5320
LOW
gradio-app gradio <= 5.29.1 - Insufficient Verification of Data Authenticity in CORS Handler
May 29, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-1753
HIGH
LLama-Index CLI <0.12.20 - Command Injection
May 28, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-5279
HIGH
Amazon Redshift Python Connector 2.0.872-2.1.7 - Improper Certificate Validation
May 27, 2025
EPSS 0.00
CVE-2025-48383
HIGH
Django-Select2 <8.4.1 - Info Disclosure
May 27, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-5175
MEDIUM
erdogant pypickle < 2.0.0 - Improper Authorization in Save Function
May 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5174
MEDIUM
erdogant pypickle < 2.0.0 - Deserialization of Untrusted Data via load Function
May 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5173
MEDIUM
HumanSignal label-studio-ml-backend - Deserialization of Untrusted Data in PT File Handler
May 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5150
MEDIUM
docarray < 0.40.1 - Prototype Pollution via __getitem__ Function
May 25, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-5148
MEDIUM
FunAudioLLM InspireMusic - Remote Code Execution via Pickle Deserialization in load_state_dict
May 25, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-47277
CRITICAL
vLLM 0.6.5-0.8.4 - Remote Code Execution via PyNcclPipe KV Cache Transfer Deserialization
May 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-46725
CRITICAL
langroid < 0.53.15 - Remote Code Execution via LanceDocChatAgent QueryPlan.dataframe_calc
May 20, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-46724
CRITICAL
langroid < 0.53.15 - Code Injection via TableChatAgent pandas eval()
May 20, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-2099
HIGH
huggingface/transformers < 4.48.3 - Regular Expression Denial of Service in preprocess_string()
May 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-47273
HIGH
setuptools < 78.1.1 - Path Traversal and Arbitrary File Write via PackageIndex
May 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-32962
MEDIUM
Flask-AppBuilder < 4.6.2 - Unauthenticated Open Redirect via Host Header Manipulation
May 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-47287
HIGH
Tornado < 6.5.0 - Denial of Service via Multipart Form Data Parser
May 15, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47774
LOW
Vyper <= 0.4.2rc1 - Side Effect Elision via Zero-Length Slice Operation
May 15, 2025
EPSS 0.00
CVE-2025-47285
LOW
Vyper <= 0.4.2rc1 - Insufficient Control Flow Management in concat() Function
May 15, 2025
EPSS 0.00
CVE-2025-47783
MEDIUM
Label Studio < 1.18.0 - Stored Cross-Site Scripting via Projects Upload Example Endpoint
May 14, 2025
CVSS 6.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21