pypi
4,998 tracked vulnerabilities.
CVE-2025-5150
MEDIUM
docarray < 0.40.1 - Prototype Pollution via __getitem__ Function
May 25, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-5148
MEDIUM
FunAudioLLM InspireMusic - Remote Code Execution via Pickle Deserialization in load_state_dict
May 25, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-47277
CRITICAL
vLLM 0.6.5-0.8.4 - Remote Code Execution via PyNcclPipe KV Cache Transfer Deserialization
May 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-46725
CRITICAL
langroid < 0.53.15 - Remote Code Execution via LanceDocChatAgent QueryPlan.dataframe_calc
May 20, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-46724
CRITICAL
langroid < 0.53.15 - Code Injection via TableChatAgent pandas eval()
May 20, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-2099
HIGH
huggingface/transformers < 4.48.3 - Regular Expression Denial of Service in preprocess_string()
May 19, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47273
HIGH
setuptools < 78.1.1 - Path Traversal and Arbitrary File Write via PackageIndex
May 17, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-32962
MEDIUM
Flask-AppBuilder < 4.6.2 - Unauthenticated Open Redirect via Host Header Manipulation
May 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-47287
HIGH
Tornado < 6.5.0 - Denial of Service via Multipart Form Data Parser
May 15, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47774
LOW
Vyper <= 0.4.2rc1 - Side Effect Elision via Zero-Length Slice Operation
May 15, 2025
EPSS 0.00
CVE-2025-47285
LOW
Vyper <= 0.4.2rc1 - Insufficient Control Flow Management in concat() Function
May 15, 2025
EPSS 0.00
CVE-2025-47783
MEDIUM
NUCLEI
Label Studio < 1.18.0 - Stored Cross-Site Scripting via Projects Upload Example Endpoint
May 14, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-47782
HIGH
motioneye 0.43.1b1-0.43.1b3 - Authenticated OS Command Injection via Camera Device Path
May 14, 2025
EPSS 0.00
CVE-2025-26864
HIGH
Apache IoTDB 0.10.0-1.3.3 and 2.0.1-beta - Sensitive Information Exposure via OpenIdAuthorizer
May 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47278
LOW
Flask 3.1.0 - Incorrect Key Order in Fallback Key Configuration
May 13, 2025
EPSS 0.00
CVE-2025-27696
HIGH
Apache Superset <= 4.1.1 - Authenticated Ownership Takeover via Dashboard Chart or Dataset
May 13, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-1752
HIGH
run-llama/llama_index ~ latest(v0.12.15 - DoS
May 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-44021
LOW
OpenStack Ironic < 24.1.3, 24-24.1.3, 25-26.1.1, 27-29.0.1 - Arbitrary File Write via Image Handling
May 08, 2025
CVSS 2.8
EPSS 0.00
CVE-2025-32873
MEDIUM
Django 4.2-4.2.20, 5.1-5.1.8, 5.2-5.2.0 - Denial of Service via Incomplete HTML Tag Processing
May 08, 2025
CVSS 5.3
EPSS 0.14
CVE-2025-30165
HIGH
vLLM 0.5.2-0.10.0 - Remote Code Execution via Pickle Deserialization in ZeroMQ Communication
May 06, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-46730
MEDIUM
Mobile Security Framework <= 4.3.2 - Denial of Service via ZIP Bomb Extraction
May 05, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-46726
CRITICAL
langroid < 0.53.4 - XML External Entity Injection via XMLToolMessage
May 05, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-46719
MEDIUM
Open WebUI < 0.6.6 - Stored Cross-Site Scripting via Chat Message HTML Tag Injection
May 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-46571
MEDIUM
Open WebUI < 0.6.6 - Stored Cross-Site Scripting via HTML File Upload
May 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-46335
MEDIUM
Mobile Security Framework < 4.3.3 - Stored Cross-Site Scripting via SVG File Upload
May 05, 2025
CVSS 5.4
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters