pypi

4,998 tracked vulnerabilities.

CVE-2025-6209 HIGH
run-llama/llama_index <0.12.27 - Path Traversal
Jul 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-6386 HIGH
parisneo/lollms < 20.1 - Timing Attack via Password Comparison in authenticate_user
Jul 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-6210 MEDIUM
run-llama/llama_index <0.12.27 - Path Traversal
Jul 07, 2025
CVSS 6.2
EPSS 0.00
CVE-2025-5472 MEDIUM
run-llama/llama_index <0.12.28 - Buffer Overflow
Jul 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-3777 LOW
Hugging Face Transformers <4.49.0 - Info Disclosure
Jul 07, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-3264 MEDIUM
Hugging Face Transformers <4.51.0 - DoS
Jul 07, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-3263 MEDIUM
Hugging Face Transformers <4.51.0 - DoS
Jul 07, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-3262 HIGH
huggingface/transformers <4.49.0 - DoS
Jul 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-3225 HIGH
run-llama/llama_index <v0.12.21 - DoS
Jul 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-3046 HIGH
llamaindex 0.12.23-0.12.28 - Arbitrary File Read via ObsidianReader Symlink Handling
Jul 07, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-3044 MEDIUM
run-llama/llama_index <0.12.22.post1 - Info Disclosure
Jul 07, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-3108 HIGH
Llamaindex < 0.12.41 - Remote Code Execution
Jul 06, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53366 HIGH
mcp < 1.9.4 - Denial of Service via Malformed Request Validation Error
Jul 04, 2025
EPSS 0.06
CVE-2025-53365 HIGH
MCP Python SDK <1.10.0 - Use After Free
Jul 04, 2025
EPSS 0.00
CVE-2025-48379 HIGH
Pillow 11.2.0-11.2.9 - Heap-based Buffer Overflow in DDS Image Writing
Jul 01, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-6855 MEDIUM
Langchain-Chatchat <0.3.1 - Path Traversal
Jun 29, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-6854 MEDIUM
Langchain-Chatchat <0.3.1 - Path Traversal
Jun 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-6853 MEDIUM
Langchain-Chatchat <0.3.1 - Path Traversal
Jun 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-6773 MEDIUM
HKUDS LightRAG < 1.3.8 - Path Traversal via File Upload
Jun 27, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-53002 HIGH
LLaMA-Factory <= 0.9.3 - Remote Code Execution via Malicious Checkpoint Path Parameter
Jun 26, 2025
CVSS 8.3
EPSS 0.01
CVE-2025-50213 CRITICAL
Apache Airflow Providers Snowflake <6.4.0 - Special Element Injection
Jun 24, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-52558 HIGH
changedetection.io < 0.50.4 - Cross-Site Scripting via Filter Error Handling
Jun 23, 2025
EPSS 0.01
CVE-2025-2828 CRITICAL
langchain < 0.0.28 - Server-Side Request Forgery via RequestsToolkit
Jun 23, 2025
CVSS 10.0
EPSS 0.15
CVE-2025-6518 MEDIUM
PySpur-Dev <0.1.18 - Improper Neutralization
Jun 23, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-52967 MEDIUM
MLflow < 3.1.0 - Server-Side Request Forgery via Gateway Path Validation Bypass
Jun 23, 2025
CVSS 5.8
EPSS 0.00