pypi

4,987 tracked vulnerabilities.

CVE-2025-62528 MEDIUM
Taguette < 1.5.0 - Stored Cross-Site Scripting via Project Name or Description
Oct 20, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62527 HIGH
Taguette < 1.5.0 - Email Address Hijacking via Password Reset Link
Oct 20, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-62515 CRITICAL
pyquokka <= 0.3.1 - Remote Code Execution via Unsafe Pickle Deserialization in FlightServer
Oct 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-49655 CRITICAL
Keras 3.11.0-3.11.2 - Remote Code Execution via TorchModuleWrapper Deserialization
Oct 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-11849 CRITICAL
mammoth < 1.11.0 - Directory Traversal via DOCX Image External Link
Oct 17, 2025
CVSS 9.3
EPSS 0.01
CVE-2025-62379 LOW
Reflex 0.5.4-0.8.14 - Open Redirect via /auth-codespace Endpoint
Oct 15, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-55039 MEDIUM
Apache Spark <4.0.0-3.5.2-3.4.4 - Info Disclosure
Oct 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-62172 HIGH
Pypi Homeassistant < 2025.10.2 - Basic XSS
Oct 14, 2025
EPSS 0.01
CVE-2025-7707 HIGH
Llama_index 0.12.33 - Info Disclosure
Oct 13, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-61912 MEDIUM
python-ldap < 3.4.5 - Denial of Service via Incorrect Null Byte Escaping in ldap.dn.escape_dn_chars()
Oct 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-61911 MEDIUM
python-ldap <3.4.5 - Code Injection
Oct 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-61920 HIGH
Authlib < 1.6.5 - Uncontrolled Resource Consumption via Oversized JWS/JWT Segments
Oct 10, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61783 MEDIUM
Python Social Auth <5.6.0 - Info Disclosure
Oct 09, 2025
EPSS 0.01
CVE-2025-61773 HIGH
pyload-ng < 0.5.0b3.dev91 - Cross-Site Scripting via Captcha Script Endpoint and Click'N'Load Blueprint
Oct 09, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-10284 CRITICAL
BBOT < 2.7.0 - Remote Code Execution via Malicious Archive Extraction
Oct 09, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-10283 CRITICAL
BBOT < 2.7.0 - Remote Code Execution via Git Repository Command Injection
Oct 09, 2025
CVSS 9.6
EPSS 0.00
CVE-2025-10282 MEDIUM
BBOT - Exposure of Sensitive Information via GitLab Module
Oct 09, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-10281 MEDIUM
BBOT < 2.7.0 - Unauthenticated GitHub API Key Exposure via Malicious Git URL
Oct 09, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-61672 MEDIUM
Synapse < 1.138.3 and 1.139.0 - Federation Degradation via Device Key Validation Bypass
Oct 08, 2025
EPSS 0.00
CVE-2025-6242 HIGH
vLLM MediaConnector - Multimodal URL Server-Side Request Forgery
Oct 07, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-61784 HIGH
llama-factory < 0.9.4 - SSRF and LFI via _process_request
Oct 07, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-61670 LOW
Wasmtime 37.0.0-37.0.1 - Memory Leak in C/C++ API via anyref and externref Handling
Oct 07, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-59425 HIGH
vllm < 0.11.0 - Timing Attack via API Key Validation
Oct 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-6985 HIGH
langchain-text-splitters < 0.3.9 - XML External Entity Injection via HTMLSectionSplitter XSLT Parsing
Oct 06, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-61765 MEDIUM
python-socketio < 5.14.0 - Remote Code Execution via Pickle Deserialization
Oct 06, 2025
CVSS 6.4
EPSS 0.00