pypi
4,707 tracked vulnerabilities.
CVE-2026-7818
HIGH
pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution
May 11, 2026
CVSS 7.0
EPSS 0.00
CVE-2026-7817
MEDIUM
pgAdmin 4: Local file inclusion and server-side request forgery in LLM API configuration endpoints
May 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-7816
HIGH
pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout
May 11, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-7815
HIGH
pgAdmin 4: SQL injection in Maintenance tool option values leading to remote code execution
May 11, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-7814
MEDIUM
pgAdmin 4: Stored XSS via crafted PostgreSQL object names in Browser Tree and Explain Visualizer
May 11, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-7813
CRITICAL
pgAdmin 4: Cross-user data access and shared-server privilege escalation in server mode
May 11, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-44201
MEDIUM
Wagtail: Improper restriction handling on Documents and Images API
May 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-44200
MEDIUM
Wagtail: Improper permission handling when copying pages
May 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44199
MEDIUM
Wagtail: Improper permission handling when deleting form submissions
May 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44198
MEDIUM
Wagtail: Improper permission handling when viewing page history
May 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44197
MEDIUM
Wagtail: Improper permission handling when comparing revisions
May 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-31247
HIGH
Docling JATS XML Backend thru 2.61.0 - XML Entity Expansion Denial of Service
May 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-43826
MEDIUM
Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
May 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41018
MEDIUM
Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL
May 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42601
CRITICAL
ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView
May 09, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-42311
HIGH
Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow)
May 09, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-42310
MEDIUM
Pillow: PDF Parsing Trailer Infinite Loop (DoS)
May 09, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-42309
MEDIUM
Pillow: Heap buffer overflow with nested list coordinates
May 09, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-42308
MEDIUM
Pillow: Integer overflow when processing fonts
May 09, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-42301
HIGH
Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec
May 09, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-42354
CRITICAL
Sentry: Improper authentication on SAML SSO process allows user identity linking
May 08, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-42352
HIGH
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber
May 08, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-42351
HIGH
pygeoapi: Path Traversal in STAC FileSystemProvider
May 08, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-41486
HIGH
Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
May 08, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44340
HIGH
PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
May 08, 2026
CVSS 7.5
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21