pypi

4,708 tracked vulnerabilities.

CVE-2025-30212 HIGH
Frappe Framework <14.89.0, <15.51.0 - SQL Injection
Mar 25, 2025
CVSS 7.5
EPSS 0.00

CVE-2025-1474 MEDIUM
mlflow/mlflow <2.19.0 - Info Disclosure
Mar 20, 2025
CVSS 5.5
EPSS 0.00

CVE-2025-1473 HIGH
MLflow 2.17.0-2.20.1 - Cross-Site Request Forgery in Signup Feature
Mar 20, 2025
CVSS 7.1
EPSS 0.00

CVE-2025-0628 HIGH
BerriAI/litellm - Privilege Escalation
Mar 20, 2025
CVSS 8.1
EPSS 0.00

CVE-2025-0508 MEDIUM
SageMaker Workflow - Info Disclosure
Mar 20, 2025
CVSS 5.9
EPSS 0.00

CVE-2025-0453 HIGH
mlflow 2.17.2 - Denial of Service via GraphQL Endpoint Resource Exhaustion
Mar 20, 2025
CVSS 7.5
EPSS 0.00

CVE-2025-0330 HIGH
berriai/litellm <1.52.1 - Info Disclosure
Mar 20, 2025
CVSS 7.5
EPSS 0.00

CVE-2025-0190 HIGH
aim 3.25.0 - Denial of Service via Excessive Text Object Queries
Mar 20, 2025
CVSS 7.5
EPSS 0.00

CVE-2025-0189 HIGH
aimstack aim 3.25.0 - Denial of Service via Large WebSocket Image Upload
Mar 20, 2025
CVSS 7.5
EPSS 0.01

CVE-2025-29783 CRITICAL
vllm 0.6.5-0.7.9 - Remote Code Execution via Unsafe Mooncake Deserialization
Mar 19, 2025
CVSS 9.0
EPSS 0.03

CVE-2025-29770 MEDIUM
vllm < 0.8.0 - Denial of Service via Outlines Grammar Cache Exhaustion
Mar 19, 2025
CVSS 6.5
EPSS 0.01

CVE-2025-27018 MEDIUM
Apache Airflow MySQL Provider <6.2.0 - SQL Injection
Mar 19, 2025
CVSS 6.3
EPSS 0.00

CVE-2025-1057 MEDIUM
Keylime 7.12.0 - Denial of Service via Agent Registration Type Mismatch
Mar 15, 2025
CVSS 4.3
EPSS 0.00

CVE-2025-29780 MEDIUM
Post-Quantum Secure Feldman's Verifiable Secret Sharing <0.8.0b2 - ...
Mar 14, 2025
EPSS 0.00

CVE-2025-29779 MEDIUM
Post-Quantum Secure Feldman's Verifiable Secret Sharing <0.8.0b2 - ...
Mar 14, 2025
EPSS 0.00

CVE-2025-2000 CRITICAL
Qiskit 0.18.0-1.4.1 - Remote Code Execution via QPY Deserialization
Mar 14, 2025
CVSS 9.8
EPSS 0.00

CVE-2025-24986 MEDIUM
Azure PromptFlow Core < 1.17.2 and PromptFlow Tools < 1.6.0 - Unauthenticated Remote Code Execution
Mar 11, 2025
CVSS 6.5
EPSS 0.00

CVE-2025-1550 CRITICAL NUCLEI
Keras 3.0.0-3.8.0 and 3.9.0 - Remote Code Execution via Malicious .keras Archive
Mar 11, 2025
CVSS 9.8
EPSS 0.08

CVE-2025-1497 CRITICAL
PlotAI < 0.0.7 - Remote Code Execution via Unvalidated LLM Output
Mar 10, 2025
CVSS 9.8
EPSS 0.06

CVE-2025-1945 CRITICAL
picklescan < 0.0.23 - Insufficient Verification of Data Authenticity via ZIP File Header Bit Manipulation
Mar 10, 2025
CVSS 9.8
EPSS 0.01

CVE-2025-1944 MEDIUM
PickleScan <0.0.23 - Code Injection
Mar 10, 2025
CVSS 6.5
EPSS 0.00

CVE-2025-26699 MEDIUM
Django 4.2-5.1 - Denial of Service via django.utils.text.wrap()
Mar 06, 2025
CVSS 5.0
EPSS 0.00

CVE-2025-1979 MEDIUM
Ray < 2.43.0 - Sensitive Information Disclosure via Redis Password Logging
Mar 06, 2025
CVSS 6.4
EPSS 0.00

CVE-2025-27516 HIGH
Jinja < 3.1.6 - Remote Code Execution via |attr Filter Sandbox Bypass
Mar 05, 2025
CVSS 8.8
EPSS 0.00

CVE-2025-25362 CRITICAL
spacy-llm < 0.7.3 - Server-Side Template Injection via Template Field
Mar 05, 2025
CVSS 9.8
EPSS 0.00