pypi
4,708 tracked vulnerabilities.
CVE-2025-1889
CRITICAL
picklescan <0.0.22 - Info Disclosure
Mar 03, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-25302
MEDIUM
rembg < 2.0.57 - Origin Validation Error in CORS Middleware
Mar 03, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-25301
HIGH
rembg < 2.0.57 - Server-Side Request Forgery via /api/remove URL Parameter
Mar 03, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-24023
LOW
Flask-AppBuilder < 4.5.3 - Unauthenticated Username Enumeration via Timing Attack
Mar 03, 2025
CVSS 3.7
EPSS 0.01
CVE-2025-1300
MEDIUM
CodeChecker <= 6.24.5 - Open Redirect via Multiple Slashes Bypass
Feb 28, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-27154
CRITICAL
spotipy < 2.25.1 - Incorrect Default Permissions in Cache File
Feb 27, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-1716
CRITICAL
picklescan <0.0.21 - Code Injection
Feb 26, 2025
CVSS 9.8
EPSS 0.16
CVE-2025-27145
LOW
copyparty < 1.16.15 - DOM-based Cross-Site Scripting via Drag-and-Drop File Upload
Feb 25, 2025
CVSS 3.6
EPSS 0.00
CVE-2025-27105
CRITICAL
vyperlang/vyper < 0.4.1 - Out-of-bounds Write via DynArray AugAssign Statement
Feb 21, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-27104
HIGH
vyperlang/vyper < 0.4.1 - Improper Synchronization in For Loop Iterator Evaluation
Feb 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-26622
HIGH
vyperlang/vyper < 0.4.1 - Incorrect Calculation in sqrt() Builtin
Feb 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1403
HIGH
Qiskit 0.45.0-1.2.4 - Denial of Service via Malformed Symengine Serialization Stream
Feb 21, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-26623
CRITICAL
exiv2 0.28.0-0.28.4 - Use-After-Free via Crafted Image Metadata Write
Feb 18, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-25305
HIGH
Home Assistant Core - Info Disclosure
Feb 18, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-25297
HIGH
Label Studio < 1.16.0 - Server-Side Request Forgery via S3 Endpoint Parameter
Feb 14, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-25296
MEDIUM
Label Studio < 1.16.0 - Cross-Site Scripting via label_config Query Parameter
Feb 14, 2025
CVSS 6.1
EPSS 0.20
CVE-2025-25295
HIGH
Label Studio SDK <1.0.10 - Path Traversal
Feb 14, 2025
EPSS 0.00
CVE-2025-25183
LOW
vllm < 0.7.2 - Cache Poisoning via Predictable Hash Collision
Feb 07, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-23217
HIGH
mitmproxy < 11.1.2 - Server-Side Request Forgery via Proxy to Internal API
Feb 06, 2025
EPSS 0.04
CVE-2025-24805
MEDIUM
Mobile Security Framework < 4.3.1 - Improper Privilege Management via Access Token
Feb 05, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-24804
MEDIUM
Mobile Security Framework < 4.3.1 - Denial of Service via Malformed CFBundleIdentifier in Info.plist
Feb 05, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-24803
MEDIUM
Mobile Security Framework < 4.3.1 - Stored Cross-Site Scripting via CFBundleIdentifier
Feb 05, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-24372
HIGH
CKAN < 2.10.7 and 2.11.0-2.11.2 - Authenticated Stored Cross-Site Scripting via File Upload
Feb 05, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-24370
CRITICAL
django-unicorn < 0.62.0 - Python Class Pollution via set_property_value
Feb 03, 2025
EPSS 0.00
CVE-2025-24795
MEDIUM
Snowflake Connector for Python 2.3.7-3.13.0 - Incorrect Default Permissions in Temporary Credential Cache
Jan 29, 2025
CVSS 4.4
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21