pypi
4,979 tracked vulnerabilities.
CVE-2026-44844
MEDIUM
eml_parser: Recursion DoS via nested message/rfc822 attachments
May 26, 2026
EPSS 0.00
CVE-2026-44843
HIGH
LangChain: Unsafe deserialization of attacker-controlled LangChain objects through overly broad `load()` allowlists
May 26, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-44708
MEDIUM
Mistune Math Plugin XSS Escape Bypass
May 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-44209
HIGH
Banks: Critical Remote Code Execution (RCE) via Jinja2 SSTI
May 26, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-44730
HIGH
OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd
May 26, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-42448
LOW
wormhole receive, with --output pointing at an existing directory can be path-traversed
May 26, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-47728
MEDIUM
Bugsink: Project scoping missing in sourcemap and debug-file lookup
May 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-47716
LOW
Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known
May 26, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-47715
LOW
Bugsink: Issue event views can show an event from another project if its UUID is known
May 26, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-44502
MEDIUM
Bugsink: SSRF bypass in `validate_webhook_url`
May 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-9540
MEDIUM
vllm-project vllm OpenAI-compatible Serving Path denial of service
May 26, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-46745
MEDIUM
Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token
May 25, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-45361
HIGH
Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)
May 25, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-2651
CRITICAL
Missing Authorization Validation in mlflow/mlflow
May 25, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-4372
HIGH
Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers
May 24, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-9369
MEDIUM
NousResearch hermes-agent CLI web-dashboard web_server.py _discover_dashboard_plugins comparison
May 24, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-9368
HIGH
NousResearch hermes-agent Environment Variable code_execution_tool.py execute_code sandbox
May 24, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-9366
HIGH
NousResearch hermes-agent prompt_builder.py _scan_context_content injection
May 24, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-9353
HIGH
NousResearch hermes-agent Skills Guard Multi-Word Prompt skills_guard.py injection
May 24, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-3515
HIGH
Argument Injection in prefecthq/prefect
May 24, 2026
CVSS 8.5
EPSS 0.00
CVE-2026-40864
MEDIUM
JupyterHub: Cross-origin form POSTs bypass XSRF
May 22, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-40610
MEDIUM
BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context
May 22, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-9291
HIGH
Insecure Deserialization in Amazon Braket SDK Job Results Processing
May 22, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-47102
HIGH
LiteLLM < 1.83.10 Privilege Escalation via User Update
May 21, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-47101
HIGH
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
May 21, 2026
CVSS 8.8
EPSS 0.01
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 128
Plone 96
open-webui 91
mlflow 76
apache-superset 67
salt 67
ansible 66
pillow 52
nova 49
gradio 47
matrix-synapse 44
pyload-ng 44
rdiffweb 43
keystone 40
vllm 40
vyper 39
moin 35
aiohttp 34
opencv-contrib-python 30
opencv-python 30
pypdf 28
PraisonAI 27
pgadmin4 26
langflow 24
openbabel 24
picklescan 23
Quick Filters