pypi
4,987 tracked vulnerabilities.
CVE-2025-63675
MEDIUM
cryptidy < 1.2.4 - Remote Code Execution via Pickle Deserialization
Oct 31, 2025
CVSS 6.9
EPSS 0.00
CVE-2025-6176
HIGH
Scrapy < 2.13.4 - Denial of Service via Brotli Decompression Bomb
Oct 31, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-12060
HIGH
Keras < 3.12.0 and 3.0.0-3.11.3 - Path Traversal via tarfile.extractall
Oct 30, 2025
EPSS 0.01
CVE-2025-50736
MEDIUM
Byaidu PDFMathTranslate <1.9.9 - Open Redirect
Oct 30, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-62503
MEDIUM
Apache Airflow 3.0.0 through 3.1.1 - Privilege Escalation
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-62402
MEDIUM
Apache Airflow 3.0.0-3.1.0 - Unauthenticated Remote Code Execution via /api/v2/dagReports
Oct 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-54941
MEDIUM
Apache Airflow 3.0.0-3.0.5 - OS Command Injection via Example DAG Decorator
Oct 30, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-11201
CRITICAL
MLflow < 3.0.0 - Unauthenticated Remote Code Execution via Model File Path Traversal
Oct 29, 2025
CVSS 9.8
EPSS 0.27
CVE-2025-11200
CRITICAL
MLflow < 2.21.0 and < 2.22.0rc0 - Unauthenticated Authentication Bypass via Weak Password Requirements
Oct 29, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-64104
HIGH
langgraph-checkpoint-sqlite < 2.0.11 - SQL Injection via Improper String Concatenation
Oct 29, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-64100
MEDIUM
CKAN <2.10.9, <2.11.4 - Info Disclosure
Oct 29, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-54384
MEDIUM
CKAN < 2.10.9 and 2.11.0-2.11.4 - Stored Cross-Site Scripting via markdown_extract Helper
Oct 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-12058
MEDIUM
Keras < 3.12.0 - Arbitrary Local File Read and Server-Side Request Forgery via StringLookup Layer
Oct 29, 2025
EPSS 0.00
CVE-2025-62801
HIGH
fastmcp < 2.13.0 - OS Command Injection via server_name Field
Oct 28, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-62800
MEDIUM
fastmcp < 2.13.0 - Reflected Cross-Site Scripting in OAuth Client Callback Page
Oct 28, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-62727
HIGH
Starlette 0.39.0-0.49.0 - Unauthenticated Denial of Service via HTTP Range Header
Oct 28, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-40843
MEDIUM
CodeChecker < 6.26.2 - Stack-based Buffer Overflow in ldlogger Library
Oct 28, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-61385
CRITICAL
tlocke pg8000 <1.31.4 - SQL Injection
Oct 27, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-8709
HIGH
langgraph-checkpoint-sqlite 2.0.10 - SQL Injection via Filter Operator Handling
Oct 26, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-62708
HIGH
pypdf < 6.1.3 - Denial of Service via LZWDecode Filter
Oct 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62707
HIGH
pypdf < 6.1.3 - Denial of Service via DCTDecode Inline Image Parsing
Oct 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-62706
MEDIUM
Authlib < 1.6.5 - Denial of Service via Unbounded DEFLATE Decompression in JWE zip=DEF
Oct 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-62611
HIGH
aiomysql < 0.3.0 - Arbitrary File Read via LOAD_LOCAL Instruction
Oct 22, 2025
EPSS 0.00
CVE-2025-62607
MEDIUM
nautobot-ssot < 3.10.0 - Unauthenticated Information Disclosure via Configuration Page
Oct 22, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-11844
MEDIUM
Hugging Face Smolagents 1.20.0-1.21.9 - XPath Injection in search_item_ctrl_f
Oct 22, 2025
CVSS 5.4
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters