CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57342 matches found

CVE-2026-48525

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3CVSS0.00054EPSS

Exploits1References1

NVD•added last week•9 views

CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS0.00057EPSS

Exploits0References1

OSV•added last week•1 views

PYSEC-2026-176

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS

Exploits1References1

OSV•added last week•1 views

PYSEC-2026-177

3.7CVSS5.8AI score0.00057EPSS

Exploits0References1

PyPA•added last week•5 views

PYSEC-0000-CVE-2026-48524

3.7CVSS5.8AI score0.00057EPSS

Exploits0References1Affected Software1

OSV•added last week•2 views

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

7.5CVSS5.9AI score0.0009EPSS

Exploits0References1

NVD•added last week•10 views

CVE-2026-45017

8.2CVSS0.0009EPSS

Exploits0References1

PyPA•added last week•4 views

PYSEC-0000-CVE-2026-45017

8.2CVSS5.9AI score0.0009EPSS

Exploits0References1Affected Software1

PyPA•added last week•3 views

PYSEC-2026-192

8.2CVSS5.9AI score0.0009EPSS

Exploits0References1Affected Software1

OSV•added last week•5 views

UBUNTU-CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.2CVSS6AI score0.00034EPSS

Exploits1References3

OSV•added last week•3 views

UBUNTU-CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4CVSS5.8AI score0.00017EPSS

Exploits1References3

Debian•added last week•6 views

[SECURITY] [DLA 4605-1] python-flask-httpauth security update

Debian LTS Advisory DLA-4605-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 28, 2026 https://wiki.debian.org/LTS Package : python-flask-httpauth Version : 3.2.4-3.1+deb11u1 CVE ID : CVE-2026-34531 Debian Bug : 1132581 A vulnerability was found in...

8.2CVSS5.9AI score0.00024EPSS

Exploits0

OSV•added last week•1 views

SUSE-SU-2026:21861-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues - CVE-2026-42308: integer overflow in font processing can lead to denial of service bsc1265359. - CVE-2026-42309: heap buffer overflow when processing nested list coordinates bsc1265153. - CVE-2026-42310: infinite loop and resource exhausti...

5.5CVSS6AI score0.00015EPSS

Exploits0References7

OSV•added 2026/05/28 3:43 p.m.•5 views

RLSA-2026:19366 Important: python-markdown security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.2CVSS5.8AI score0.00385EPSS

Exploits1References2

Rockylinux•added 2026/05/28 3:43 p.m.•6 views

python-markdown security update

An update is available for python-markdown. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

7.5CVSS7.3AI score0.00385EPSS

Exploits1

OSV•added 2026/05/28 3:43 p.m.•10 views

RLSA-2026:19175 Important: python3.11 security update

8.1CVSS7.3AI score0.00164EPSS

Exploits0References4

OSV•added 2026/05/28 3:43 p.m.•3 views

RLSA-2026:19216 Important: python3.9 security update

8.1CVSS6.4AI score0.00164EPSS

Exploits0References4

Rockylinux•added 2026/05/28 3:43 p.m.•8 views

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

9.1CVSS7.7AI score0.00205EPSS

Exploits1

OSV•added 2026/05/28 3:43 p.m.•3 views

RLSA-2026:19197 Low: python-jwcrypto security update

7.5CVSS5.8AI score0.00105EPSS

Exploits1References2

Rockylinux•added 2026/05/28 3:43 p.m.•15 views

python3.9 security update

An update is available for python3.9. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language...

9.1CVSS7.6AI score0.00164EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by