pypi

4,708 tracked vulnerabilities.

CVE-2025-32434 CRITICAL
PyTorch < 2.6.0 - Remote Code Execution via torch.load with weights_only=True
Apr 18, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-3730 LOW
PyTorch < 2.8.0 - Denial of Service in torch.nn.functional.ctc_loss
Apr 16, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-32021 LOW
Weblate < 5.11 - Sensitive Information Exposure via Repository URL Query Parameter
Apr 15, 2025
CVSS 2.2
EPSS 0.00
CVE-2025-32428 CRITICAL
jupyter-remote-desktop-proxy 3.0.0 - Exposure of VNC Server to Wrong Sphere via TigerVNC
Apr 15, 2025
EPSS 0.00
CVE-2025-32381 MEDIUM
mlc-ai xgrammar < 0.1.18 - Denial of Service via Unbounded Grammar Cache
Apr 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32375 CRITICAL
BentoML < 1.4.8 - Remote Code Execution via Insecure Deserialization
Apr 09, 2025
CVSS 9.8
EPSS 0.65
CVE-2025-3248 CRITICAL KEV NUCLEI
Langflow AI - Unauthenticated Remote Code Execution
Apr 07, 2025
CVSS 9.8
EPSS 0.93
CVE-2025-30473 HIGH
Apache Airflow Common SQL Provider - SQL Injection
Apr 07, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-32013 HIGH
lnbits < 0.12.12 - Server-Side Request Forgery via LNURL Callback URL
Apr 06, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-27520 CRITICAL
BentoML >=1.3.4 <1.4.3 - Unauthenticated Remote Code Execution via Insecure Deserialization
Apr 04, 2025
CVSS 9.8
EPSS 0.76
CVE-2025-30370 HIGH
jupyterlab-git < 0.51.1 - OS Command Injection via Git Repository Path
Apr 03, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-3163 MEDIUM
InternLM LMDeploy <= 0.7.1 - Code Injection in Open Function
Apr 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-3162 MEDIUM
InternLM LMDeploy < 0.7.1 - Deserialization in PT File Handler
Apr 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-2946 CRITICAL
pgAdmin <= 9.1 - Cross-Site Scripting via Query Result Rendering
Apr 03, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-2945 CRITICAL
pgAdmin Query Tool authenticated RCE (CVE-2025-2945)
Apr 03, 2025
CVSS 9.9
EPSS 0.82
CVE-2025-27556 MEDIUM
Django 5.0-5.0.13 and 5.1-5.1.7 - Denial of Service via NFKC Normalization on Windows
Apr 02, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-31116 MEDIUM
Mobile Security Framework < 4.3.2 - Server-Side Request Forgery via DNS Rebinding
Mar 31, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-3048 MEDIUM
AWS SAM CLI <1.134.0 - Info Disclosure
Mar 31, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-3047 MEDIUM
SAM CLI <v1.133.0 - Privilege Escalation
Mar 31, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2953 LOW
PyTorch 2.6.0+cu124 - Denial of Service in torch.mkldnn_max_pool2d
Mar 30, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-30358 HIGH
Mesop < 0.14.1 - Class Pollution leading to Denial of Service and Identity Confusion
Mar 27, 2025
CVSS 8.1
EPSS 0.02
CVE-2025-30355 HIGH
Synapse < 1.127.1 - Denial of Service via Malicious Federation Events
Mar 27, 2025
CVSS 7.1
EPSS 0.13
CVE-2025-30217 HIGH
Frappe <14.93.2, 15.55.0 - SQL Injection
Mar 26, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-30214 HIGH
Frappe <14.89.0-15.51.0 - Info Disclosure
Mar 25, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-30213 HIGH
Frappe < 14.91.0 - Remote Code Execution via Document Creation
Mar 25, 2025
CVSS 8.8
EPSS 0.01