pypi
4,708 tracked vulnerabilities.
CVE-2025-24794
MEDIUM
Snowflake Connector for Python 2.7.12-3.13.0 - Local Privilege Escalation via OCSP Response Cache Deserialization
Jan 29, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-24793
HIGH
Snowflake Connector for Python 2.2.5-3.13.0 - SQL Injection in pandas_tools Module
Jan 29, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-24357
HIGH
vllm < 0.7.0 - Remote Code Execution via Pickle Deserialization in Model Weight Loading
Jan 27, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-24359
HIGH
asteval < 1.0.6 - Remote Code Execution via FormattedValue AST Node Handling
Jan 24, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-22153
HIGH
CPython <3.13.2, RestrictedPython <8.0 - RCE
Jan 23, 2025
CVSS 7.9
EPSS 0.00
CVE-2025-23205
MEDIUM
nbgrader 0.9.4 - Exposure of Sensitive Data via Frame Ancestors Misconfiguration
Jan 17, 2025
EPSS 0.00
CVE-2025-22146
CRITICAL
Sentry 21.12.0-25.1.0 - Account Takeover via Malicious SAML Identity Provider
Jan 15, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-23042
HIGH
Gradio < 5.6.0 - Improper Authorization via Case Bypass in ACL File Path Validation
Jan 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-21607
HIGH
vyperlang/vyper < 0.4.1 - Always-Incorrect Control Flow Implementation in EcRecover and Identity Precompiles
Jan 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-22151
LOW
Strawberry GraphQL <0.257.0 - Type Confusion
Jan 09, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-21618
HIGH
NiceGUI < 2.9.1 - Improper Authentication
Jan 06, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-56373
HIGH
Airflow 2 - Privilege Escalation to RCE
Feb 24, 2026
CVSS 8.4
EPSS 0.00
CVE-2024-5986
CRITICAL
Ai.h2o H2o-core - Remote Code Execution
Feb 02, 2026
CVSS 9.1
EPSS 0.00
CVE-2024-29370
MEDIUM
python-jose < 3.4.0 - Denial of Service via Malicious JWE Token Decompression
Dec 17, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-38824
CRITICAL
SaltStack Salt 3006.0-3006.11 and 3007.0rc1-3007.3 - Path Traversal and Arbitrary File Write via recv_file Method
Jun 13, 2025
CVSS 9.6
EPSS 0.00
CVE-2024-38825
MEDIUM
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Improper Authentication in PKI Module
Jun 13, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-47081
MEDIUM
Requests < 2.32.4 - Credential Leak via Malicious URL Parsing
Jun 09, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-24780
CRITICAL
Apache IoTDB 1.0.0-1.3.3 - Authenticated Remote Code Execution via UDF URI
May 14, 2025
CVSS 9.8
EPSS 0.02
CVE-2024-53924
CRITICAL
Pycel through 1.0b30 - Remote Code Execution via Crafted Spreadsheet Formula
Apr 17, 2025
CVSS 9.8
EPSS 0.01
CVE-2024-53305
HIGH
benbusby/whoogle_search < 0.9.1 - Remote Code Execution via Crafted Search Query
Apr 16, 2025
CVSS 7.3
EPSS 0.00
CVE-2024-9701
CRITICAL
Kedro < 0.19.9 - Remote Code Execution via ShelveStore Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.06
CVE-2024-9606
HIGH
berriai/litellm <1.44.12 - Info Disclosure
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-9340
HIGH
zenml < 0.68.0 - Unauthenticated Denial of Service via Malformed Multipart Request Boundary
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-9229
HIGH
quivr-core - Unauthenticated Denial of Service via Multipart Boundary Manipulation
Mar 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-9070
CRITICAL
BentoML <= 1.3.4.post1 - Remote Code Execution via Runner Server Deserialization
Mar 20, 2025
CVSS 9.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21