pypi
4,998 tracked vulnerabilities.
CVE-2025-52556
CRITICAL
rfc3161-client < 1.0.3 - Improper Verification of Cryptographic Signature
Jun 21, 2025
EPSS 0.00
CVE-2025-6279
MEDIUM
Upsonic < 0.55.6 - Remote Code Execution via cloudpickle.loads Deserialization
Jun 19, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-6278
MEDIUM
upsonic < 0.55.6 - Path Traversal via file.filename Argument
Jun 19, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-6272
LOW
wasm3 0.5.0 - Out-of-Bounds Write in MarkSlotAllocated
Jun 19, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-50182
MEDIUM
urllib3 2.2.0-2.5.0 - Open Redirect via Pyodide Runtime
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-50181
MEDIUM
urllib3 < 2.5.0 - Open Redirect via PoolManager Retry Configuration
Jun 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-6050
MEDIUM
Mezzanine < 6.1.1 - Authenticated Stored Cross-Site Scripting via Blog Post Title in Admin Interface
Jun 17, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-6167
MEDIUM
python-a2a < 0.5.6 - Path Traversal in create_workflow Function
Jun 17, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-49134
MEDIUM
Weblate < 5.12 - Unauthorized Exposure of User IP Address in Audit Log Notifications
Jun 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-47951
MEDIUM
Weblate < 5.12 - Excessive Authentication Attempts via Second Factor Endpoint
Jun 16, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-4565
MEDIUM
protobuf-python < 4.25.8 - Denial of Service via Recursive Protocol Buffers Parsing
Jun 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-22242
MEDIUM
Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Denial of Service via File Read Operation
Jun 13, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-22241
MEDIUM
Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Path Traversal in VirtKey Class
Jun 13, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-22240
MEDIUM
Salt 3006.x < 3006.12 and 3007.x < 3007.4 - Arbitrary File Deletion via GitFS find_file Method
Jun 13, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-22239
HIGH
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Arbitrary Event Injection via _minion_event Method
Jun 13, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-22238
MEDIUM
Salt 3006.0rc1-3006.11 and 3007.0-3007.3 - Path Traversal and Arbitrary File Write in Minion File Cache
Jun 13, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-22237
MEDIUM
SaltStack <version> - Command Injection
Jun 13, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-22236
HIGH
Salt 3007.0-3007.3 and 3006.0-3006.11 - Minion Event Bus Authorization Bypass
Jun 13, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-43866
HIGH
vantage6 < 4.11.0 - Use of Insufficiently Random Values for JWT Secret Key
Jun 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-43863
CRITICAL
vantage6 < 4.11.0 - Authenticated Password Brute-Force via Change Password Functionality
Jun 12, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-49143
MEDIUM
Nautobot < 1.6.32 - Unauthenticated Exposure of Sensitive Information via MEDIA_ROOT URL Endpoint
Jun 10, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-49142
HIGH
Nautobot <2.4.10-1.6.32 - Code Injection
Jun 10, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-48879
MEDIUM
OctoPrint <= 1.11.1 - Unauthenticated Denial of Service via Malformed Multipart Form Data
Jun 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48067
MEDIUM
OctoPrint <1.11.1 - Info Disclosure
Jun 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-49653
HIGH
BackendAI - Exposure of Sensitive Information in Active Sessions
Jun 09, 2025
CVSS 8.0
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters