pypi

4,998 tracked vulnerabilities.

CVE-2025-29573 MEDIUM
Mezzanine 6.0.0 - Stored Cross-Site Scripting in Forms Module View Entries Feature
May 05, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-47241 MEDIUM
browser-use < 0.1.45 - Authorization Bypass via Non-Canonical URL Path
May 03, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-46567 MEDIUM
LLaMA-Factory <1.0.0 - Deserialization
May 01, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-46560 MEDIUM
vllm 0.8.0-0.8.5 - Denial of Service via Inefficient Multimodal Tokenizer Input Processing
Apr 30, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32444 CRITICAL
vllm 0.6.5-0.8.5 - Remote Code Execution via Pickle Deserialization
Apr 30, 2025
CVSS 10.0
EPSS 0.01
CVE-2025-30202 HIGH
vLLM 0.5.2-0.8.5 - Denial of Service and Data Exposure via ZeroMQ Socket
Apr 30, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-1194 MEDIUM
huggingface/transformers < 4.50.0 - Regular Expression Denial of Service in SubWordJapaneseTokenizer
Apr 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-4032 MEDIUM
inclusionai aworld - OS Command Injection in shell_tool.py
Apr 28, 2025
CVSS 5.0
EPSS 0.03
CVE-2025-46656 LOW
python-markdownify <0.14.1 - Memory Consumption
Apr 26, 2025
CVSS 2.9
EPSS 0.00
CVE-2025-43859 CRITICAL
Pypi H11 < 0.16.0 - HTTP Request Smuggling
Apr 24, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-46417 HIGH
Picklescan <0.0.25 - Info Disclosure
Apr 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-32788 MEDIUM
OctoPrint <= 1.10.3 - Authentication Bypass via Login Redirect Spoofing
Apr 22, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-32377 MEDIUM
Rasa Pro 3.9.0-3.9.19, 3.10.0-3.10.18, 3.11.0-3.11.6, 3.12.0-3.12.5 - Unauthenticated Voice Data Submission
Apr 18, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-28197 CRITICAL
Crawl4AI <=0.4.247 - Server-Side Request Forgery in async_dispatcher.py
Apr 18, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-32434 CRITICAL
PyTorch < 2.6.0 - Remote Code Execution via torch.load with weights_only=True
Apr 18, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-3730 LOW
PyTorch < 2.8.0 - Denial of Service in torch.nn.functional.ctc_loss
Apr 16, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-32021 LOW
Weblate < 5.11 - Sensitive Information Exposure via Repository URL Query Parameter
Apr 15, 2025
CVSS 2.2
EPSS 0.00
CVE-2025-32428 CRITICAL
jupyter-remote-desktop-proxy 3.0.0 - Exposure of VNC Server to Wrong Sphere via TigerVNC
Apr 15, 2025
EPSS 0.01
CVE-2025-32381 MEDIUM
mlc-ai xgrammar < 0.1.18 - Denial of Service via Unbounded Grammar Cache
Apr 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-32375 CRITICAL
BentoML < 1.4.8 - Remote Code Execution via Insecure Deserialization
Apr 09, 2025
CVSS 9.8
EPSS 0.50
CVE-2025-3248 CRITICAL KEVNUCLEI
Langflow AI - Unauthenticated Remote Code Execution
Apr 07, 2025
CVSS 9.8
EPSS 1.00
CVE-2025-30473 HIGH
Apache Airflow Common SQL Provider - SQL Injection
Apr 07, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-32013 HIGH
lnbits < 0.12.12 - Server-Side Request Forgery via LNURL Callback URL
Apr 06, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27520 CRITICAL
BentoML >=1.3.4 <1.4.3 - Unauthenticated Remote Code Execution via Insecure Deserialization
Apr 04, 2025
CVSS 9.8
EPSS 0.36
CVE-2025-30370 HIGH
jupyterlab-git < 0.51.1 - OS Command Injection via Git Repository Path
Apr 03, 2025
CVSS 7.4
EPSS 0.01