pypi

4,998 tracked vulnerabilities.

CVE-2025-49652 CRITICAL
BackendAI < 25.15.6 - Unauthenticated User Registration Bypass
Jun 09, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-49651 HIGH
BackendAI - Unauthenticated Session Takeover via Missing Authorization
Jun 09, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-49619 HIGH
Skyvern SSTI Remote Code Execution
Jun 07, 2025
CVSS 8.5
EPSS 0.14
CVE-2025-1793 CRITICAL
run-llama/llama_index <v0.12.21 - SQL Injection
Jun 05, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-48432 MEDIUM
Django <5.2.3-4.2.23 - Info Disclosure
Jun 05, 2025
CVSS 4.0
EPSS 0.01
CVE-2025-30167 HIGH
Jupyter Core <5.8.0 - Info Disclosure
Jun 03, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-48995 MEDIUM
SignXML < 4.0.4 - Observable Timing Discrepancy in HMAC Verification
Jun 02, 2025
EPSS 0.00
CVE-2025-48994 MEDIUM
SignXML <4.0.4 - Algorithm Confusion
Jun 02, 2025
EPSS 0.00
CVE-2025-48957 HIGH
AstrBot 3.4.4-3.5.12 - Path Traversal and Information Disclosure via Dashboard Feature
Jun 02, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-48944 MEDIUM
vLLM 0.8.0-0.9.0 - Denial of Service via Malformed Tools Input
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48943 MEDIUM
vLLM 0.8.0-0.8.9 - Denial of Service via Invalid Regex in Structured Output
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48942 MEDIUM
vllm 0.8.0-0.9.0 - Denial of Service via Invalid JSON Schema in /v1/completions API
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48887 MEDIUM
vLLM 0.6.4-0.8.2 - Regular Expression Denial of Service in Pythonic Tool Parser
May 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48912 MEDIUM
Apache Superset <4.1.2 - Privilege Escalation
May 30, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-48889 MEDIUM
Gradio < 5.31.0 - Unauthenticated Arbitrary File Copy via Flagging Feature
May 30, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-46722 MEDIUM
vllm 0.7.0-0.8.9 - Hash Collision via Incomplete Image Metadata Serialization
May 29, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-46570 LOW
vllm < 0.9.0 - Observable Timing Discrepancy in PageAttention Prefill
May 29, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-5321 MEDIUM
Aim run_view RestrictedPythonQuery - Remote Privilege Escalation
May 29, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-5320 LOW
gradio-app gradio <= 5.29.1 - Insufficient Verification of Data Authenticity in CORS Handler
May 29, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-1753 HIGH
LLama-Index CLI <0.12.20 - Command Injection
May 28, 2025
CVSS 7.8
EPSS 0.01
CVE-2025-5279 HIGH
Amazon Redshift Python Connector 2.0.872-2.1.7 - Improper Certificate Validation
May 27, 2025
EPSS 0.00
CVE-2025-48383 HIGH
Django-Select2 <8.4.1 - Info Disclosure
May 27, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-5175 MEDIUM
erdogant pypickle < 2.0.0 - Improper Authorization in Save Function
May 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5174 MEDIUM
erdogant pypickle < 2.0.0 - Deserialization of Untrusted Data via load Function
May 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5173 MEDIUM
HumanSignal label-studio-ml-backend - Deserialization of Untrusted Data in PT File Handler
May 26, 2025
CVSS 5.3
EPSS 0.00