pypi

4,708 tracked vulnerabilities.

CVE-2025-47782 HIGH
motioneye 0.43.1b1-0.43.1b3 - Authenticated OS Command Injection via Camera Device Path
May 14, 2025
EPSS 0.00
CVE-2025-26864 HIGH
Apache IoTDB 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via OpenIdAuthorizer
May 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-47278 LOW
Flask 3.1.0 - Incorrect Key Order in Fallback Key Configuration
May 13, 2025
EPSS 0.00
CVE-2025-27696 HIGH
Apache Superset <= 4.1.1 - Authenticated Ownership Takeover via Dashboard Chart or Dataset
May 13, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-1752 HIGH
run-llama/llama_index ~ latest (v0.12.15) - DoS
May 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-44021 LOW
OpenStack Ironic < 24.1.3, 24-24.1.3, 25-26.1.1, 27-29.0.1 - Arbitrary File Write via Image Handling
May 08, 2025
CVSS 2.8
EPSS 0.00
CVE-2025-32873 MEDIUM
Django 4.2-4.2.20, 5.1-5.1.8, 5.2-5.2.0 - Denial of Service via Incomplete HTML Tag Processing
May 08, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-30165 HIGH
vLLM 0.5.2-0.10.0 - Remote Code Execution via Pickle Deserialization in ZeroMQ Communication
May 06, 2025
CVSS 8.0
EPSS 0.00
CVE-2025-46730 MEDIUM
Mobile Security Framework <= 4.3.2 - Denial of Service via ZIP Bomb Extraction
May 05, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-46726 CRITICAL
langroid < 0.53.4 - XML External Entity Injection via XMLToolMessage
May 05, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-46335 MEDIUM
Mobile Security Framework < 4.3.3 - Stored Cross-Site Scripting via SVG File Upload
May 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-29573 MEDIUM
Mezzanine 6.0.0 - Stored Cross-Site Scripting in Forms Module View Entries Feature
May 05, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-47241 MEDIUM
browser-use < 0.1.45 - Authorization Bypass via Non-Canonical URL Path
May 03, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-46567 MEDIUM
LLaMA-Factory <1.0.0 - Deserialization
May 01, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-46560 MEDIUM
vllm 0.8.0-0.8.5 - Denial of Service via Inefficient Multimodal Tokenizer Input Processing
Apr 30, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-32444 CRITICAL
vllm 0.6.5-0.8.5 - Remote Code Execution via Pickle Deserialization
Apr 30, 2025
CVSS 10.0
EPSS 0.02
CVE-2025-30202 HIGH
vLLM 0.5.2-0.8.5 - Denial of Service and Data Exposure via ZeroMQ Socket
Apr 30, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1194 MEDIUM
huggingface/transformers < 4.50.0 - Regular Expression Denial of Service in SubWordJapaneseTokenizer
Apr 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-4032 MEDIUM
inclusionai aworld - OS Command Injection in shell_tool.py
Apr 28, 2025
CVSS 5.0
EPSS 0.03
CVE-2025-46656 LOW
python-markdownify <0.14.1 - Memory Consumption
Apr 26, 2025
CVSS 2.9
EPSS 0.00
CVE-2025-43859 CRITICAL
Pypi H11 < 0.16.0 - HTTP Request Smuggling
Apr 24, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-46417 HIGH
Picklescan <0.0.25 - Info Disclosure
Apr 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-32788 MEDIUM
OctoPrint <= 1.10.3 - Authentication Bypass via Login Redirect Spoofing
Apr 22, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-32377 MEDIUM
Rasa Pro 3.9.0-3.9.19, 3.10.0-3.10.18, 3.11.0-3.11.6, 3.12.0-3.12.5 - Unauthenticated Voice Data Submission
Apr 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-28197 CRITICAL
Crawl4AI <=0.4.247 - Server-Side Request Forgery in async_dispatcher.py
Apr 18, 2025
CVSS 9.1
EPSS 0.00