pypi
4,707 tracked vulnerabilities.
CVE-2026-42175
MEDIUM
requests-hardened: Server-Side Request Forgery (SSRF) in requests-hardened RFC 6598
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42048
CRITICAL
Langflow: Path Traversal in Langflow Knowledge Bases API
May 12, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-41895
HIGH
changedetection.io: XXE vulnerability in the changedetection.io project
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31225
HIGH
superduper <=0.10.0 Query Parser - Remote Code Execution
May 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31224
HIGH
snorkel < 0.10.0 - Remote Code Execution via Insecure Pickle Deserialization in MultitaskClassifier.load()
May 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31223
HIGH
snorkel < 0.10.0 - Remote Code Execution via Insecure Pickle Deserialization in BaseLabeler.load()
May 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31222
HIGH
snorkel thru v0.10.0 - Deserialization
May 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31221
HIGH
PyTorch-Lightning <=2.6.0 - Deserialization
May 12, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-31220
CRITICAL
PySyft <=0.9.5 Syft Server - Remote Code Execution
May 12, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-43901
MEDIUM
Wireshark MCP: Arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
May 11, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-8319
MEDIUM
aiwaves-cn agents cheshire_cat_core stray_cat.py recall_relevant_memories_to_working_memory resource consumption
May 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-42874
LOW
Microdot: HTTP response splitting in Response.set_cookie()
May 11, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-2614
HIGH
Arbitrary File Read via Prompt Tag Source Validation Bypass in mlflow/mlflow
May 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42864
CRITICAL
FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft
May 11, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-44226
MEDIUM
pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI
May 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-42860
HIGH
Open edx Enterprise Service: SSRF via SAML metadata URL in sync_provider_data endpoint
May 11, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-42315
HIGH
pyLoad: Path Traversal via Package Folder Name in set_package_data
May 11, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-42314
MEDIUM
pyLoad: Path Traversal via Package Folder Name
May 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42313
HIGH
pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy
May 11, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-42312
MEDIUM
pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification
May 11, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-2393
HIGH
Server-Side Request Forgery (SSRF) in mlflow/mlflow
May 11, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-31253
HIGH
flash-attention thru e724e2588c - Deserialization
May 11, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-31248
HIGH
Docling < 2.61.0 - XML Entity Expansion Denial of Service via METS GBS Backend
May 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-7820
MEDIUM
pgAdmin 4: Account-lockout bypass via Flask-Security default /login view
May 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-7819
HIGH
pgAdmin 4: Symbolic-link path traversal in File Manager allows arbitrary file write
May 11, 2026
CVSS 8.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21
Quick Filters