pypi
4,979 tracked vulnerabilities.
CVE-2026-48525
MEDIUM
PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS
May 28, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-48524
LOW
PyJWT: PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
May 28, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-48523
MEDIUM
PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys
May 28, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-48522
MEDIUM
PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes
May 28, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-48156
LOW
pypdf: Possible long runtimes for zero-only width values in cross-reference streams
May 28, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-48155
MEDIUM
pypdf: Possible large memory usage for large offsets for layout mode text
May 28, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-45017
HIGH
Python Liquid: Absolute paths escape filesystem loader search path
May 28, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44660
HIGH
UltraJSON: Memory Leak in ujson.dump() on Write Failure
May 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-45134
HIGH
LangSmith Client SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning
May 27, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-44681
MEDIUM
Authlib: Open Redirect in Authlib OIDC Implicit/Hybrid Authorization
May 27, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-44346
HIGH
BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml
May 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44345
HIGH
BentoML: Dockerfile command injection via docker.base_image
May 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44353
MEDIUM
Streamlink: Arbitrary local file read via file:// URI in HLS and DASH
May 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-9712
LOW
pretix - Insecure Direct Object Reference
May 27, 2026
EPSS 0.00
CVE-2026-48545
MEDIUM
Gradio < 6.15.0 Cookie Injection via Shared Proxy Client
May 27, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-48544
HIGH
Taipy 4.1.1 Path Traversal via ElementLibrary.get_resource()
May 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44972
MEDIUM
GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
May 27, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-44971
HIGH
GuardDog: Blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration
May 27, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-49017
HIGH
Openstack Swift - Loop with Unreachable Exit Condition ('Infinite Loop')
May 27, 2026
EPSS 0.00
CVE-2026-49014
HIGH
Gdal < 3.13.0 - Stack-based Buffer Overflow
May 27, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-48710
MEDIUM
NUCLEI
Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks
May 26, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-44899
MEDIUM
Mistune Image Directive CSS Injection Vulnerability
May 26, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-44898
MEDIUM
Mistune TOC Anchor Injection XSS
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-44897
MEDIUM
Mistune Heading ID Attribute Injection XSS
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-44896
MEDIUM
Mistune: XSS via unescaped figclass/figwidth in Figure directive
May 26, 2026
CVSS 6.1
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters