pypi
4,707 tracked vulnerabilities.
CVE-2026-7722
MEDIUM
PrefectHQ prefect Health Check API health endswith improper authentication
May 04, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-7711
HIGH
MindsDB Engine proc_wrapper.py exec unrestricted upload
May 04, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7669
MEDIUM
sgl-project SGLang HuggingFace Transformer hf_transformers_utils.py get_tokenizer deserialization
May 02, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-7597
MEDIUM
mem0ai mem0 faiss.py pickle.dump deserialization
May 01, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-7579
HIGH
AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials
May 01, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-43003
HIGH
OpenStack ironic-python-agent <11.5.0 - Code Injection
May 01, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-43001
HIGH
OpenStack Keystone 13-29 - Privilege Escalation
May 01, 2026
CVSS 7.9
EPSS 0.00
CVE-2026-41016
MEDIUM
Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider
Apr 30, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-7404
HIGH
getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal
Apr 29, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-42510
MEDIUM
OpenStack Ironic <=25.0.0 - Command Injection
Apr 28, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-7212
HIGH
edvardlindelof notes-mcp notes_mcp.py path traversal
Apr 28, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7206
HIGH
dubydu sqlite-mcp entry.py extract_to_json sql injection
Apr 28, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7159
HIGH
douinc mkdocs-mcp-plugin server.py list_documents path traversal
Apr 27, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7158
HIGH
dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery
Apr 27, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7150
MEDIUM
dh1011 auto-favicon MCP Tool server.py generate_favicon_from_url server-side request forgery
Apr 27, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-7149
HIGH
dexhunter kaggle-mcp server.py prepare_kaggle_dataset path traversal
Apr 27, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-7142
MEDIUM
Wooey API Endpoint scripts.py add_or_update_script improper authorization
Apr 27, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-7141
MEDIUM
vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource
Apr 27, 2026
CVSS 5.6
EPSS 0.00
CVE-2026-6357
MEDIUM
pip self-update functionality can import newly installed modules after wheel installation
Apr 27, 2026
EPSS 0.00
CVE-2026-6984
MEDIUM
AstrBotDevs AstrBot Dashboard API t2i.py create_template special elements used in a template engine
Apr 25, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-41488
LOW
langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding
Apr 24, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-41481
MEDIUM
LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass
Apr 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41426
MEDIUM
pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates
Apr 24, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-41425
MEDIUM
Authlib: Cross-site request forging when using cache
Apr 24, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-41140
Poetry < 2.3.4 - Path Traversal via Tarball Extraction
Apr 24, 2026
EPSS 0.00
Products
tensorflow 427
tensorflow-gpu 421
tensorflow-cpu 417
Django 147
apache-airflow 111
Plone 96
open-webui 86
mlflow 70
apache-superset 67
salt 67
ansible 66
pillow 52
nova 48
gradio 46
rdiffweb 43
matrix-synapse 42
pyload-ng 41
vyper 39
vllm 38
keystone 36
moin 35
aiohttp 33
opencv-contrib-python 30
opencv-python 30
PraisonAI 27
pgadmin4 26
pypdf 24
glance 22
langflow 22
ethyca-fides 21