pypi

4,987 tracked vulnerabilities.

CVE-2025-63675 MEDIUM
cryptidy < 1.2.4 - Remote Code Execution via Pickle Deserialization
Oct 31, 2025
CVSS 6.9
EPSS 0.00
CVE-2025-6176 HIGH
Scrapy < 2.13.4 - Denial of Service via Brotli Decompression Bomb
Oct 31, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-12060 HIGH
Keras < 3.12.0 and 3.0.0-3.11.3 - Path Traversal via tarfile.extractall
Oct 30, 2025
EPSS 0.01
CVE-2025-50736 MEDIUM
Byaidu PDFMathTranslate <1.9.9 - Open Redirect
Oct 30, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-62503 MEDIUM
Apache Airflow 3.0.0 through 3.1.1 - Privilege Escalation
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-62402 MEDIUM
Apache Airflow 3.0.0-3.1.0 - Unauthenticated Remote Code Execution via /api/v2/dagReports
Oct 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-54941 MEDIUM
Apache Airflow 3.0.0-3.0.5 - OS Command Injection via Example DAG Decorator
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-11201 CRITICAL
MLflow < 3.0.0 - Unauthenticated Remote Code Execution via Model File Path Traversal
Oct 29, 2025
CVSS 9.8
EPSS 0.27
CVE-2025-11200 CRITICAL
MLflow < 2.21.0 and < 2.22.0rc0 - Unauthenticated Authentication Bypass via Weak Password Requirements
Oct 29, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-64104 HIGH
langgraph-checkpoint-sqlite < 2.0.11 - SQL Injection via Improper String Concatenation
Oct 29, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-64100 MEDIUM
CKAN <2.10.9, <2.11.4 - Info Disclosure
Oct 29, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-54384 MEDIUM
CKAN < 2.10.9 and 2.11.0-2.11.4 - Stored Cross-Site Scripting via markdown_extract Helper
Oct 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-12058 MEDIUM
Keras < 3.12.0 - Arbitrary Local File Read and Server-Side Request Forgery via StringLookup Layer
Oct 29, 2025
EPSS 0.00
CVE-2025-62801 HIGH
fastmcp < 2.13.0 - OS Command Injection via server_name Field
Oct 28, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-62800 MEDIUM
fastmcp < 2.13.0 - Reflected Cross-Site Scripting in OAuth Client Callback Page
Oct 28, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-62727 HIGH
Starlette 0.39.0-0.49.0 - Unauthenticated Denial of Service via HTTP Range Header
Oct 28, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-40843 MEDIUM
CodeChecker < 6.26.2 - Stack-based Buffer Overflow in ldlogger Library
Oct 28, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-61385 CRITICAL
tlocke pg8000 <1.31.4 - SQL Injection
Oct 27, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-8709 HIGH
langgraph-checkpoint-sqlite 2.0.10 - SQL Injection via Filter Operator Handling
Oct 26, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-62708 HIGH
pypdf < 6.1.3 - Denial of Service via LZWDecode Filter
Oct 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62707 HIGH
pypdf < 6.1.3 - Denial of Service via DCTDecode Inline Image Parsing
Oct 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62706 MEDIUM
Authlib < 1.6.5 - Denial of Service via Unbounded DEFLATE Decompression in JWE zip=DEF
Oct 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-62611 HIGH
aiomysql < 0.3.0 - Arbitrary File Read via LOAD_LOCAL Instruction
Oct 22, 2025
EPSS 0.00
CVE-2025-62607 MEDIUM
nautobot-ssot < 3.10.0 - Unauthenticated Information Disclosure via Configuration Page
Oct 22, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-11844 MEDIUM
Hugging Face Smolagents 1.20.0-1.21.9 - XPath Injection in search_item_ctrl_f
Oct 22, 2025
CVSS 5.4
EPSS 0.00