pypi
4,707 tracked vulnerabilities.
CVE-2026-41490
HIGH
Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations
May 07, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-40171
HIGH
Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
May 06, 2026
EPSS 0.00
CVE-2026-33079
HIGH
Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles
May 06, 2026
EPSS 0.00
CVE-2026-29090
HIGH
Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database
May 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-29080
HIGH
Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API
May 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-6420
MEDIUM
Keylime: keylime: security bypass due to hardcoded tpm quote nonce
May 06, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-44405
LOW
Paramiko < 4.0.0 - Use of a Broken or Risky Cryptographic Algorithm
May 06, 2026
CVSS 3.4
EPSS 0.00
CVE-2026-40934
MEDIUM
jupyter-server authentication cookies remain valid after password reset due to static cookie secret
May 05, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-40110
HIGH
jupyter-server CORS origin validation bypass via unanchored regex in allow_origin_pat
May 05, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-35397
HIGH
jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix
May 05, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-42997
HIGH
OpenStack Ironic <26.1.6 - Auth Bypass
May 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-7847
LOW
chatchat-space Langchain-Chatchat Uploaded File openai_routes.py _get_file_id random values
May 05, 2026
CVSS 2.6
EPSS 0.00
CVE-2026-43002
MEDIUM
OpenStack Horizon 25.6-25.7 < 25.7.3 - Unauthenticated Session Storage Exhaustion via Write Operation
May 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-7846
LOW
chatchat-space Langchain-Chatchat OpenAI-Compatible File Upload API openai_routes.py files toctou
May 05, 2026
CVSS 2.6
EPSS 0.00
CVE-2026-7845
LOW
chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash
May 05, 2026
CVSS 2.6
EPSS 0.00
CVE-2026-6907
MEDIUM
Potential exposure of private data due to incorrect handling of Vary: * in UpdateCacheMiddleware
May 05, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-5766
MEDIUM
Django ASGI File Upload - Memory Limit Bypass DoS
May 05, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-35192
MEDIUM
Session fixation via public cached pages and SESSION_SAVE_EVERY_REQUEST
May 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42052
MEDIUM
beets < 2.10.0 Web UI - Cross-Site Scripting
May 04, 2026
EPSS 0.00
CVE-2026-42080
MEDIUM
PPTAgent: Arbitrary File Write via `save_generated_slides`
May 04, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-42079
HIGH
PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
May 04, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-42078
MEDIUM
PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image
May 04, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-7725
MEDIUM
PrefectHQ prefect GitRepository Pull storage.py argument injection
May 04, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-7724
MEDIUM
PrefectHQ prefect Webhook/Notification validate_restricted_url toctou
May 04, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-7723
HIGH
PrefectHQ prefect WebSocket Endpoint in missing authentication
May 04, 2026
CVSS 7.3
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21