pypi
4,998 tracked vulnerabilities.
CVE-2025-49652
CRITICAL
BackendAI < 25.15.6 - Unauthenticated User Registration Bypass
Jun 09, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-49651
HIGH
BackendAI - Unauthenticated Session Takeover via Missing Authorization
Jun 09, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-49619
HIGH
Skyvern SSTI Remote Code Execution
Jun 07, 2025
CVSS 8.5
EPSS 0.14
CVE-2025-1793
CRITICAL
run-llama/llama_index <v0.12.21 - SQL Injection
Jun 05, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-48432
MEDIUM
Django <5.2.3-4.2.23 - Info Disclosure
Jun 05, 2025
CVSS 4.0
EPSS 0.01
CVE-2025-30167
HIGH
Jupyter Core <5.8.0 - Info Disclosure
Jun 03, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-48995
MEDIUM
SignXML < 4.0.4 - Observable Timing Discrepancy in HMAC Verification
Jun 02, 2025
EPSS 0.00
CVE-2025-48994
MEDIUM
SignXML <4.0.4 - Algorithm Confusion
Jun 02, 2025
EPSS 0.00
CVE-2025-48957
HIGH
AstrBot 3.4.4-3.5.12 - Path Traversal and Information Disclosure via Dashboard Feature
Jun 02, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-48944
MEDIUM
vLLM 0.8.0-0.9.0 - Denial of Service via Malformed Tools Input
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48943
MEDIUM
vLLM 0.8.0-0.8.9 - Denial of Service via Invalid Regex in Structured Output
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48942
MEDIUM
vllm 0.8.0-0.9.0 - Denial of Service via Invalid JSON Schema in /v1/completions API
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48887
MEDIUM
vLLM 0.6.4-0.8.2 - Regular Expression Denial of Service in Pythonic Tool Parser
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48912
MEDIUM
Apache Superset <4.1.2 - Privilege Escalation
May 30, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-48889
MEDIUM
Gradio < 5.31.0 - Unauthenticated Arbitrary File Copy via Flagging Feature
May 30, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-46722
MEDIUM
vllm 0.7.0-0.8.9 - Hash Collision via Incomplete Image Metadata Serialization
May 29, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-46570
LOW
vllm < 0.9.0 - Observable Timing Discrepancy in PageAttention Prefill
May 29, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-5321
MEDIUM
Aim run_view RestrictedPythonQuery - Remote Privilege Escalation
May 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-5320
LOW
gradio-app gradio <= 5.29.1 - Insufficient Verification of Data Authenticity in CORS Handler
May 29, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-1753
HIGH
LLama-Index CLI <0.12.20 - Command Injection
May 28, 2025
CVSS 7.8
EPSS 0.01
CVE-2025-5279
HIGH
Amazon Redshift Python Connector 2.0.872-2.1.7 - Improper Certificate Validation
May 27, 2025
EPSS 0.00
CVE-2025-48383
HIGH
Django-Select2 <8.4.1 - Info Disclosure
May 27, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-5175
MEDIUM
erdogant pypickle < 2.0.0 - Improper Authorization in Save Function
May 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5174
MEDIUM
erdogant pypickle < 2.0.0 - Deserialization of Untrusted Data via load Function
May 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5173
MEDIUM
HumanSignal label-studio-ml-backend - Deserialization of Untrusted Data in PT File Handler
May 26, 2025
CVSS 5.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters