pypi

4,998 tracked vulnerabilities.

CVE-2025-5150 MEDIUM
docarray < 0.40.1 - Prototype Pollution via __getitem__ Function
May 25, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-5148 MEDIUM
FunAudioLLM InspireMusic - Remote Code Execution via Pickle Deserialization in load_state_dict
May 25, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-47277 CRITICAL
vLLM 0.6.5-0.8.4 - Remote Code Execution via PyNcclPipe KV Cache Transfer Deserialization
May 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-46725 CRITICAL
langroid < 0.53.15 - Remote Code Execution via LanceDocChatAgent QueryPlan.dataframe_calc
May 20, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-46724 CRITICAL
langroid < 0.53.15 - Code Injection via TableChatAgent pandas eval()
May 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-2099 HIGH
huggingface/transformers < 4.48.3 - Regular Expression Denial of Service in preprocess_string()
May 19, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47273 HIGH
setuptools < 78.1.1 - Path Traversal and Arbitrary File Write via PackageIndex
May 17, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-32962 MEDIUM
Flask-AppBuilder < 4.6.2 - Unauthenticated Open Redirect via Host Header Manipulation
May 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-47287 HIGH
Tornado < 6.5.0 - Denial of Service via Multipart Form Data Parser
May 15, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47774 LOW
Vyper <= 0.4.2rc1 - Side Effect Elision via Zero-Length Slice Operation
May 15, 2025
EPSS 0.00
CVE-2025-47285 LOW
Vyper <= 0.4.2rc1 - Insufficient Control Flow Management in concat() Function
May 15, 2025
EPSS 0.00
CVE-2025-47783 MEDIUM NUCLEI
Label Studio < 1.18.0 - Stored Cross-Site Scripting via Projects Upload Example Endpoint
May 14, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-47782 HIGH
motioneye 0.43.1b1-0.43.1b3 - Authenticated OS Command Injection via Camera Device Path
May 14, 2025
EPSS 0.00
CVE-2025-26864 HIGH
Apache IoTDB 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via OpenIdAuthorizer
May 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47278 LOW
Flask 3.1.0 - Incorrect Key Order in Fallback Key Configuration
May 13, 2025
EPSS 0.00
CVE-2025-27696 HIGH
Apache Superset <= 4.1.1 - Authenticated Ownership Takeover via Dashboard Chart or Dataset
May 13, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-1752 HIGH
run-llama/llama_index ~ latest(v0.12.15 - DoS
May 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-44021 LOW
OpenStack Ironic < 24.1.3, 24-24.1.3, 25-26.1.1, 27-29.0.1 - Arbitrary File Write via Image Handling
May 08, 2025
CVSS 2.8
EPSS 0.00
CVE-2025-32873 MEDIUM
Django 4.2-4.2.20, 5.1-5.1.8, 5.2-5.2.0 - Denial of Service via Incomplete HTML Tag Processing
May 08, 2025
CVSS 5.3
EPSS 0.14
CVE-2025-30165 HIGH
vLLM 0.5.2-0.10.0 - Remote Code Execution via Pickle Deserialization in ZeroMQ Communication
May 06, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-46730 MEDIUM
Mobile Security Framework <= 4.3.2 - Denial of Service via ZIP Bomb Extraction
May 05, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-46726 CRITICAL
langroid < 0.53.4 - XML External Entity Injection via XMLToolMessage
May 05, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-46719 MEDIUM
Open WebUI < 0.6.6 - Stored Cross-Site Scripting via Chat Message HTML Tag Injection
May 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-46571 MEDIUM
Open WebUI < 0.6.6 - Stored Cross-Site Scripting via HTML File Upload
May 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-46335 MEDIUM
Mobile Security Framework < 4.3.3 - Stored Cross-Site Scripting via SVG File Upload
May 05, 2025
CVSS 5.4
EPSS 0.00