pypi

4,979 tracked vulnerabilities.

CVE-2026-45192 MEDIUM
Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response
Jun 01, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-10222 MEDIUM
NousResearch hermes-agent config.py _sanitize_env_lines injection
Jun 01, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-10212 MEDIUM
AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization
Jun 01, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-10177 MEDIUM
Aider-AI Aider AWS EC2 Metadata Endpoint api_docs.py requests.get server-side request forgery
May 31, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-10175 MEDIUM
Aider-AI Aider Architect Mode auth.py editor_coder.run code injection
May 31, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-10108 HIGH
xiaomusic 0.5.7 Path Traversal via GET /music endpoint
May 29, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-10105 HIGH
agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata()
May 29, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-49299 MEDIUM
Openstack Neutron - Incorrect Authorization
May 28, 2026
EPSS 0.00
CVE-2026-46526 MEDIUM
Local Deep Research: SSRF bypass in `safe_get`
May 28, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-44394 MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-43979 MEDIUM
Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)
May 28, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-43000 MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-42999 MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-42998 MEDIUM
Openstack Keystone - Incorrect Authorization
May 28, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-46561 MEDIUM
pyLoad: SSRF via HTTP Redirect Bypass in parse_urls API
May 28, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-45348 HIGH
pyLoad: Stored XSS in Downloads view via unsanitized link URL in packages.js template literal
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-45306 MEDIUM
pyLoad: Incomplete Fix for CVE-2026-33509 -storage_folder Bypass via Session Directory
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44798 HIGH
Nautobot: GitRepository.current_head field should not be writable through REST API
May 28, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-44797 HIGH
Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)
May 28, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-44796 MEDIUM
Nautobot: Object bulk rename UI actions vulnerable to denial of service by crafted regular expression (REDoS)
May 28, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44794 MEDIUM
Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference
May 28, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-45078 MEDIUM
Synapse CPU starvation (Denial of Service)
May 28, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-45076 LOW
Synapse pagination denial of service
May 28, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-48735 MEDIUM
pypdf: Manipulated XMP metadata streams can exhaust RAM
May 28, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-48526 HIGH
PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed
May 28, 2026
CVSS 7.4
EPSS 0.00