pypi
4,998 tracked vulnerabilities.
CVE-2025-27154
CRITICAL
spotipy < 2.25.1 - Incorrect Default Permissions in Cache File
Feb 27, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-1716
CRITICAL
picklescan <0.0.21 - Code Injection
Feb 26, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-27145
LOW
copyparty < 1.16.15 - DOM-based Cross-Site Scripting via Drag-and-Drop File Upload
Feb 25, 2025
CVSS 3.6
EPSS 0.00
CVE-2025-27105
CRITICAL
vyperlang/vyper < 0.4.1 - Out-of-bounds Write via DynArray AugAssign Statement
Feb 21, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-27104
HIGH
vyperlang/vyper < 0.4.1 - Improper Synchronization in For Loop Iterator Evaluation
Feb 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-26622
HIGH
vyperlang/vyper < 0.4.1 - Incorrect Calculation in sqrt() Builtin
Feb 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1403
HIGH
Qiskit 0.45.0-1.2.4 - Denial of Service via Malformed Symengine Serialization Stream
Feb 21, 2025
CVSS 8.6
EPSS 0.01
CVE-2025-26623
CRITICAL
exiv2 0.28.0-0.28.4 - Use-After-Free via Crafted Image Metadata Write
Feb 18, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-25305
HIGH
Home Assistant Core - Info Disclosure
Feb 18, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-25297
HIGH
Label Studio < 1.16.0 - Server-Side Request Forgery via S3 Endpoint Parameter
Feb 14, 2025
CVSS 8.6
EPSS 0.01
CVE-2025-25296
MEDIUM
NUCLEI
Label Studio < 1.16.0 - Cross-Site Scripting via label_config Query Parameter
Feb 14, 2025
CVSS 6.1
EPSS 0.02
CVE-2025-25295
HIGH
Label Studio SDK <1.0.10 - Path Traversal
Feb 14, 2025
EPSS 0.01
CVE-2025-25183
LOW
vllm < 0.7.2 - Cache Poisoning via Predictable Hash Collision
Feb 07, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-23217
HIGH
mitmproxy < 11.1.2 - Server-Side Request Forgery via Proxy to Internal API
Feb 06, 2025
EPSS 0.01
CVE-2025-24805
MEDIUM
Mobile Security Framework < 4.3.1 - Improper Privilege Management via Access Token
Feb 05, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-24804
MEDIUM
Mobile Security Framework < 4.3.1 - Denial of Service via Malformed CFBundleIdentifier in Info.plist
Feb 05, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-24803
MEDIUM
Mobile Security Framework < 4.3.1 - Stored Cross-Site Scripting via CFBundleIdentifier
Feb 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-24372
HIGH
CKAN < 2.10.7 and 2.11.0-2.11.2 - Authenticated Stored Cross-Site Scripting via File Upload
Feb 05, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-24370
CRITICAL
django-unicorn < 0.62.0 - Python Class Pollution via set_property_value
Feb 03, 2025
EPSS 0.00
CVE-2025-24795
MEDIUM
Snowflake Connector for Python 2.3.7-3.13.0 - Incorrect Default Permissions in Temporary Credential Cache
Jan 29, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-24794
MEDIUM
Snowflake Connector for Python 2.7.12-3.13.0 - Local Privilege Escalation via OCSP Response Cache Deserialization
Jan 29, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-24793
HIGH
Snowflake Connector for Python 2.2.5-3.13.0 - SQL Injection in pandas_tools Module
Jan 29, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-24357
HIGH
vllm < 0.7.0 - Remote Code Execution via Pickle Deserialization in Model Weight Loading
Jan 27, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-24359
HIGH
asteval < 1.0.6 - Remote Code Execution via FormattedValue AST Node Handling
Jan 24, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-22153
HIGH
CPython <3.13.2, RestrictedPython <8.0 - RCE
Jan 23, 2025
CVSS 7.9
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 92
mlflow 77
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 48
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters