pypi
4,998 tracked vulnerabilities.
CVE-2025-6209
HIGH
run-llama/llama_index <0.12.27 - Path Traversal
Jul 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-6386
HIGH
parisneo/lollms < 20.1 - Timing Attack via Password Comparison in authenticate_user
Jul 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-6210
MEDIUM
run-llama/llama_index <0.12.27 - Path Traversal
Jul 07, 2025
CVSS 6.2
EPSS 0.00
CVE-2025-5472
MEDIUM
run-llama/llama_index <0.12.28 - Buffer Overflow
Jul 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-3777
LOW
Hugging Face Transformers <4.49.0 - Info Disclosure
Jul 07, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-3264
MEDIUM
Hugging Face Transformers <4.51.0 - DoS
Jul 07, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-3263
MEDIUM
Hugging Face Transformers <4.51.0 - DoS
Jul 07, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-3262
HIGH
huggingface/transformers <4.49.0 - DoS
Jul 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-3225
HIGH
run-llama/llama_index <v0.12.21 - DoS
Jul 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-3046
HIGH
llamaindex 0.12.23-0.12.28 - Arbitrary File Read via ObsidianReader Symlink Handling
Jul 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-3044
MEDIUM
run-llama/llama_index <0.12.22.post1 - Info Disclosure
Jul 07, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-3108
HIGH
Llamaindex < 0.12.41 - Remote Code Execution
Jul 06, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53366
HIGH
mcp < 1.9.4 - Denial of Service via Malformed Request Validation Error
Jul 04, 2025
EPSS 0.06
CVE-2025-53365
HIGH
MCP Python SDK <1.10.0 - Use After Free
Jul 04, 2025
EPSS 0.00
CVE-2025-48379
HIGH
Pillow 11.2.0-11.2.9 - Heap-based Buffer Overflow in DDS Image Writing
Jul 01, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-6855
MEDIUM
Langchain-Chatchat <0.3.1 - Path Traversal
Jun 29, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-6854
MEDIUM
Langchain-Chatchat <0.3.1 - Path Traversal
Jun 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-6853
MEDIUM
Langchain-Chatchat <0.3.1 - Path Traversal
Jun 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-6773
MEDIUM
HKUDS LightRAG < 1.3.8 - Path Traversal via File Upload
Jun 27, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-53002
HIGH
LLaMA-Factory <= 0.9.3 - Remote Code Execution via Malicious Checkpoint Path Parameter
Jun 26, 2025
CVSS 8.3
EPSS 0.01
CVE-2025-50213
CRITICAL
Apache Airflow Providers Snowflake <6.4.0 - Special Element Injection
Jun 24, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-52558
HIGH
changedetection.io < 0.50.4 - Cross-Site Scripting via Filter Error Handling
Jun 23, 2025
EPSS 0.01
CVE-2025-2828
CRITICAL
langchain < 0.0.28 - Server-Side Request Forgery via RequestsToolkit
Jun 23, 2025
CVSS 10.0
EPSS 0.15
CVE-2025-6518
MEDIUM
PySpur-Dev <0.1.18 - Improper Neutralization
Jun 23, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-52967
MEDIUM
MLflow < 3.1.0 - Server-Side Request Forgery via Gateway Path Validation Bypass
Jun 23, 2025
CVSS 5.8
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters