pypi

4,998 tracked vulnerabilities.

CVE-2025-52556 CRITICAL
rfc3161-client < 1.0.3 - Improper Verification of Cryptographic Signature
Jun 21, 2025
EPSS 0.00
CVE-2025-6279 MEDIUM
Upsonic < 0.55.6 - Remote Code Execution via cloudpickle.loads Deserialization
Jun 19, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-6278 MEDIUM
upsonic < 0.55.6 - Path Traversal via file.filename Argument
Jun 19, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-6272 LOW
wasm3 0.5.0 - Out-of-Bounds Write in MarkSlotAllocated
Jun 19, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-50182 MEDIUM
urllib3 2.2.0-2.5.0 - Open Redirect via Pyodide Runtime
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-50181 MEDIUM
urllib3 < 2.5.0 - Open Redirect via PoolManager Retry Configuration
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-6050 MEDIUM
Mezzanine < 6.1.1 - Authenticated Stored Cross-Site Scripting via Blog Post Title in Admin Interface
Jun 17, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-6167 MEDIUM
python-a2a < 0.5.6 - Path Traversal in create_workflow Function
Jun 17, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-49134 MEDIUM
Weblate < 5.12 - Unauthorized Exposure of User IP Address in Audit Log Notifications
Jun 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-47951 MEDIUM
Weblate < 5.12 - Excessive Authentication Attempts via Second Factor Endpoint
Jun 16, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-4565 MEDIUM
protobuf-python < 4.25.8 - Denial of Service via Recursive Protocol Buffers Parsing
Jun 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-22242 MEDIUM
Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Denial of Service via File Read Operation
Jun 13, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-22241 MEDIUM
Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Path Traversal in VirtKey Class
Jun 13, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-22240 MEDIUM
Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Arbitrary File Deletion via GitFS find_file Method
Jun 13, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-22239 HIGH
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Arbitrary Event Injection via _minion_event Method
Jun 13, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-22238 MEDIUM
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Path Traversal and Arbitrary File Write in Minion File Cache
Jun 13, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-22237 MEDIUM
SaltStack <version> - Command Injection
Jun 13, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-22236 HIGH
Salt 3007.0-3007.3 and 3006.0-3006.11 - Minion Event Bus Authorization Bypass
Jun 13, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-43866 HIGH
vantage6 < 4.11.0 - Use of Insufficiently Random Values for JWT Secret Key
Jun 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-43863 CRITICAL
vantage6 < 4.11.0 - Authenticated Password Brute-Force via Change Password Functionality
Jun 12, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-49143 MEDIUM
Nautobot < 1.6.32 - Unauthenticated Exposure of Sensitive Information via MEDIA_ROOT URL Endpoint
Jun 10, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-49142 HIGH
Nautobot <2.4.10-1.6.32 - Code Injection
Jun 10, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-48879 MEDIUM
OctoPrint <= 1.11.1 - Unauthenticated Denial of Service via Malformed Multipart Form Data
Jun 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48067 MEDIUM
OctoPrint <1.11.1 - Info Disclosure
Jun 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-49653 HIGH
BackendAI - Exposure of Sensitive Information in Active Sessions
Jun 09, 2025
CVSS 8.0
EPSS 0.00