pypi

4,998 tracked vulnerabilities.

CVE-2025-27154 CRITICAL
spotipy < 2.25.1 - Incorrect Default Permissions in Cache File
Feb 27, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-1716 CRITICAL
picklescan <0.0.21 - Code Injection
Feb 26, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-27145 LOW
copyparty < 1.16.15 - DOM-based Cross-Site Scripting via Drag-and-Drop File Upload
Feb 25, 2025
CVSS 3.6
EPSS 0.00
CVE-2025-27105 CRITICAL
vyperlang/vyper < 0.4.1 - Out-of-bounds Write via DynArray AugAssign Statement
Feb 21, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-27104 HIGH
vyperlang/vyper < 0.4.1 - Improper Synchronization in For Loop Iterator Evaluation
Feb 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-26622 HIGH
vyperlang/vyper < 0.4.1 - Incorrect Calculation in sqrt() Builtin
Feb 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1403 HIGH
Qiskit 0.45.0-1.2.4 - Denial of Service via Malformed Symengine Serialization Stream
Feb 21, 2025
CVSS 8.6
EPSS 0.01
CVE-2025-26623 CRITICAL
exiv2 0.28.0-0.28.4 - Use-After-Free via Crafted Image Metadata Write
Feb 18, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-25305 HIGH
Home Assistant Core - Info Disclosure
Feb 18, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-25297 HIGH
Label Studio < 1.16.0 - Server-Side Request Forgery via S3 Endpoint Parameter
Feb 14, 2025
CVSS 8.6
EPSS 0.01
CVE-2025-25296 MEDIUM NUCLEI
Label Studio < 1.16.0 - Cross-Site Scripting via label_config Query Parameter
Feb 14, 2025
CVSS 6.1
EPSS 0.02
CVE-2025-25295 HIGH
Label Studio SDK <1.0.10 - Path Traversal
Feb 14, 2025
EPSS 0.01
CVE-2025-25183 LOW
vllm < 0.7.2 - Cache Poisoning via Predictable Hash Collision
Feb 07, 2025
CVSS 2.6
EPSS 0.00
CVE-2025-23217 HIGH
mitmproxy < 11.1.2 - Server-Side Request Forgery via Proxy to Internal API
Feb 06, 2025
EPSS 0.01
CVE-2025-24805 MEDIUM
Mobile Security Framework < 4.3.1 - Improper Privilege Management via Access Token
Feb 05, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-24804 MEDIUM
Mobile Security Framework < 4.3.1 - Denial of Service via Malformed CFBundleIdentifier in Info.plist
Feb 05, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-24803 MEDIUM
Mobile Security Framework < 4.3.1 - Stored Cross-Site Scripting via CFBundleIdentifier
Feb 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-24372 HIGH
CKAN < 2.10.7 and 2.11.0-2.11.2 - Authenticated Stored Cross-Site Scripting via File Upload
Feb 05, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-24370 CRITICAL
django-unicorn < 0.62.0 - Python Class Pollution via set_property_value
Feb 03, 2025
EPSS 0.00
CVE-2025-24795 MEDIUM
Snowflake Connector for Python 2.3.7-3.13.0 - Incorrect Default Permissions in Temporary Credential Cache
Jan 29, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-24794 MEDIUM
Snowflake Connector for Python 2.7.12-3.13.0 - Local Privilege Escalation via OCSP Response Cache Deserialization
Jan 29, 2025
CVSS 6.7
EPSS 0.00
CVE-2025-24793 HIGH
Snowflake Connector for Python 2.2.5-3.13.0 - SQL Injection in pandas_tools Module
Jan 29, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-24357 HIGH
vllm < 0.7.0 - Remote Code Execution via Pickle Deserialization in Model Weight Loading
Jan 27, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-24359 HIGH
asteval < 1.0.6 - Remote Code Execution via FormattedValue AST Node Handling
Jan 24, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-22153 HIGH
CPython <3.13.2, RestrictedPython <8.0 - RCE
Jan 23, 2025
CVSS 7.9
EPSS 0.00