pypi
4,998 tracked vulnerabilities.
CVE-2025-29573
MEDIUM
Mezzanine 6.0.0 - Stored Cross-Site Scripting in Forms Module View Entries Feature
May 05, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-47241
MEDIUM
browser-use < 0.1.45 - Authorization Bypass via Non-Canonical URL Path
May 03, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-46567
MEDIUM
LLaMA-Factory <1.0.0 - Deserialization
May 01, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-46560
MEDIUM
vllm 0.8.0-0.8.5 - Denial of Service via Inefficient Multimodal Tokenizer Input Processing
Apr 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32444
CRITICAL
vllm 0.6.5-0.8.5 - Remote Code Execution via Pickle Deserialization
Apr 30, 2025
CVSS 10.0
EPSS 0.01
CVE-2025-30202
HIGH
vLLM 0.5.2-0.8.5 - Denial of Service and Data Exposure via ZeroMQ Socket
Apr 30, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-1194
MEDIUM
huggingface/transformers < 4.50.0 - Regular Expression Denial of Service in SubWordJapaneseTokenizer
Apr 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-4032
MEDIUM
inclusionai aworld - OS Command Injection in shell_tool.py
Apr 28, 2025
CVSS 5.0
EPSS 0.03
CVE-2025-46656
LOW
python-markdownify <0.14.1 - Memory Consumption
Apr 26, 2025
CVSS 2.9
EPSS 0.00
CVE-2025-43859
CRITICAL
Pypi H11 < 0.16.0 - HTTP Request Smuggling
Apr 24, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-46417
HIGH
Picklescan <0.0.25 - Info Disclosure
Apr 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-32788
MEDIUM
OctoPrint <= 1.10.3 - Authentication Bypass via Login Redirect Spoofing
Apr 22, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-32377
MEDIUM
Rasa Pro 3.9.0-3.9.19, 3.10.0-3.10.18, 3.11.0-3.11.6, 3.12.0-3.12.5 - Unauthenticated Voice Data Submission
Apr 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-28197
CRITICAL
Crawl4AI <=0.4.247 - Server-Side Request Forgery in async_dispatcher.py
Apr 18, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-32434
CRITICAL
PyTorch < 2.6.0 - Remote Code Execution via torch.load with weights_only=True
Apr 18, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-3730
LOW
PyTorch < 2.8.0 - Denial of Service in torch.nn.functional.ctc_loss
Apr 16, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-32021
LOW
Weblate < 5.11 - Sensitive Information Exposure via Repository URL Query Parameter
Apr 15, 2025
CVSS 2.2
EPSS 0.00
CVE-2025-32428
CRITICAL
jupyter-remote-desktop-proxy 3.0.0 - Exposure of VNC Server to Wrong Sphere via TigerVNC
Apr 15, 2025
EPSS 0.01
CVE-2025-32381
MEDIUM
mlc-ai xgrammar < 0.1.18 - Denial of Service via Unbounded Grammar Cache
Apr 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32375
CRITICAL
BentoML < 1.4.8 - Remote Code Execution via Insecure Deserialization
Apr 09, 2025
CVSS 9.8
EPSS 0.50
CVE-2025-3248
CRITICAL
KEVNUCLEI
Langflow AI - Unauthenticated Remote Code Execution
Apr 07, 2025
CVSS 9.8
EPSS 1.00
CVE-2025-30473
HIGH
Apache Airflow Common SQL Provider - SQL Injection
Apr 07, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-32013
HIGH
lnbits < 0.12.12 - Server-Side Request Forgery via LNURL Callback URL
Apr 06, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27520
CRITICAL
BentoML >=1.3.4 <1.4.3 - Unauthenticated Remote Code Execution via Insecure Deserialization
Apr 04, 2025
CVSS 9.8
EPSS 0.36
CVE-2025-30370
HIGH
jupyterlab-git < 0.51.1 - OS Command Injection via Git Repository Path
Apr 03, 2025
CVSS 7.4
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters