pypi
4,707 tracked vulnerabilities.
CVE-2026-44339
HIGH
PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
May 08, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-44338
HIGH
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
May 08, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-44337
MEDIUM
PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
May 08, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-44336
CRITICAL
PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection
May 08, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-44335
CRITICAL
SSRF bypass in PraisonAI
May 08, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-44334
HIGH
PraisonAI: Unauthenticated RCE via `tool_override.py`
May 08, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-41497
CRITICAL
Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI
May 08, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-41496
HIGH
PraisonAI < 4.6.9 Conversation Store Backends - SQL Injection
May 08, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-42271
HIGH
LiteLLM: Authenticated command execution via MCP stdio test endpoints
May 08, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-42208
CRITICAL
KEV
LiteLLM: SQL injection in Proxy API key verification
May 08, 2026
CVSS 9.8
EPSS 0.54
CVE-2026-42203
HIGH
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
May 08, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-42150
MEDIUM
wlc: print_html outputs API data without HTML escaping, enabling stored XSS
May 08, 2026
CVSS 5.1
EPSS 0.00
CVE-2026-40214
MEDIUM
OpenStack Cyborg <14.0.1, 15.0.0-15.0.1, 16.0.0-16.0.1 DoS via Accelerator Request API
May 07, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-40213
HIGH
OpenStack Cyborg < 14.0.1, 15.0.0-15.0.1, 16.0.0-16.0.1 - Authenticated Incorrect Authorization via Default Policy Rule
May 07, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-8088
LOW
OSGeo gdal GDapi.c GDfieldinfo out-of-bounds
May 07, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-8087
MEDIUM
OSGeo gdal GDapi.c GDnentries heap-based overflow
May 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-44742
HIGH
Postorius < 1.3.13 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
May 07, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-44244
HIGH
GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath
May 07, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-44243
HIGH
GitPython: Path traversal in GitPython reference APIs allows arbitrary file write and delete outside the repository
May 07, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-42284
HIGH
GitPython: Unsafe option check validates multi_options before shlex.split transforms it
May 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-42215
HIGH
GitPython: Command injection via Git options bypass
May 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-44264
MEDIUM
Weblate is vulnerable to XSS via crafted Markdown
May 07, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-44263
MEDIUM
Weblate: Private Translation Enumeration via Screenshot API
May 07, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-41654
HIGH
Weblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_url
May 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41519
MEDIUM
Weblate's API Token Not Invalidated on Password Change
May 07, 2026
CVSS 4.2
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21