pypi
4,979 tracked vulnerabilities.
CVE-2026-45192
MEDIUM
Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-10222
MEDIUM
NousResearch hermes-agent config.py _sanitize_env_lines injection
Jun 01, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-10212
MEDIUM
AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization
Jun 01, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-10177
MEDIUM
Aider-AI Aider AWS EC2 Metadata Endpoint api_docs.py requests.get server-side request forgery
May 31, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-10175
MEDIUM
Aider-AI Aider Architect Mode auth.py editor_coder.run code injection
May 31, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-10108
HIGH
xiaomusic 0.5.7 Path Traversal via GET /music endpoint
May 29, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-10105
HIGH
agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata()
May 29, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-49299
MEDIUM
Openstack Neutron - Incorrect Authorization
May 28, 2026
EPSS 0.00
CVE-2026-46526
MEDIUM
Local Deep Research: SSRF bypass in `safe_get`
May 28, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-44394
MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-43979
MEDIUM
Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
May 28, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-43000
MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-42999
MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-42998
MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-46561
MEDIUM
pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API
May 28, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-45348
HIGH
pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-45306
MEDIUM
pyLoad: Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44798
HIGH
Nautobot: GitRepository.current_head field should not be writable through REST API
May 28, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-44797
HIGH
Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)
May 28, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-44796
MEDIUM
Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44794
MEDIUM
Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference
May 28, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-45078
MEDIUM
Synapse CPU starvation (Denial of Service)
May 28, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-45076
LOW
Synapse pagination denial of service
May 28, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-48735
MEDIUM
pypdf: Manipulated XMP metadata streams can exhaust RAM
May 28, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-48526
HIGH
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
May 28, 2026
CVSS 7.4
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters