pypi
4,987 tracked vulnerabilities.
CVE-2025-62528
MEDIUM
Taguette < 1.5.0 - Stored Cross-Site Scripting via Project Name or Description
Oct 20, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62527
HIGH
Taguette < 1.5.0 - Email Address Hijacking via Password Reset Link
Oct 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-62515
CRITICAL
pyquokka <= 0.3.1 - Remote Code Execution via Unsafe Pickle Deserialization in FlightServer
Oct 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-49655
CRITICAL
Keras 3.11.0-3.11.2 - Remote Code Execution via TorchModuleWrapper Deserialization
Oct 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-11849
CRITICAL
mammoth < 1.11.0 - Directory Traversal via DOCX Image External Link
Oct 17, 2025
CVSS 9.3
EPSS 0.01
CVE-2025-62379
LOW
Reflex 0.5.4-0.8.14 - Open Redirect via /auth-codespace Endpoint
Oct 15, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-55039
MEDIUM
Apache Spark <4.0.0-3.5.2-3.4.4 - Info Disclosure
Oct 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-62172
HIGH
Pypi Homeassistant < 2025.10.2 - Basic XSS
Oct 14, 2025
EPSS 0.01
CVE-2025-7707
HIGH
Llama_index 0.12.33 - Info Disclosure
Oct 13, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-61912
MEDIUM
python-ldap < 3.4.5 - Denial of Service via Incorrect Null Byte Escaping in ldap.dn.escape_dn_chars()
Oct 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-61911
MEDIUM
python-ldap <3.4.5 - Code Injection
Oct 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-61920
HIGH
Authlib < 1.6.5 - Uncontrolled Resource Consumption via Oversized JWS/JWT Segments
Oct 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61783
MEDIUM
Python Social Auth <5.6.0 - Info Disclosure
Oct 09, 2025
EPSS 0.01
CVE-2025-61773
HIGH
pyload-ng < 0.5.0b3.dev91 - Cross-Site Scripting via Captcha Script Endpoint and Click'N'Load Blueprint
Oct 09, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-10284
CRITICAL
BBOT < 2.7.0 - Remote Code Execution via Malicious Archive Extraction
Oct 09, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-10283
CRITICAL
BBOT < 2.7.0 - Remote Code Execution via Git Repository Command Injection
Oct 09, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-10282
MEDIUM
BBOT - Exposure of Sensitive Information via GitLab Module
Oct 09, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-10281
MEDIUM
BBOT < 2.7.0 - Unauthenticated GitHub API Key Exposure via Malicious Git URL
Oct 09, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-61672
MEDIUM
Synapse < 1.138.3 and 1.139.0 - Federation Degradation via Device Key Validation Bypass
Oct 08, 2025
EPSS 0.00
CVE-2025-6242
HIGH
vLLM MediaConnector - Multimodal URL Server-Side Request Forgery
Oct 07, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-61784
HIGH
llama-factory < 0.9.4 - SSRF and LFI via _process_request
Oct 07, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-61670
LOW
Wasmtime 37.0.0-37.0.1 - Memory Leak in C/C++ API via anyref and externref Handling
Oct 07, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-59425
HIGH
vllm < 0.11.0 - Timing Attack via API Key Validation
Oct 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-6985
HIGH
langchain-text-splitters < 0.3.9 - XML External Entity Injection via HTMLSectionSplitter XSLT Parsing
Oct 06, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61765
MEDIUM
python-socketio < 5.14.0 - Remote Code Execution via Pickle Deserialization
Oct 06, 2025
CVSS 6.4
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters