Lucene search
+L

7044 matches found

PyPA
PyPA
•added 2026/06/24 6:17 p.m.•4 views

PYSEC-2026-2145

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2.91.0, he LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicio...

5.5CVSS6.2AI score0.00163EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/24 6:17 p.m.•5 views

PYSEC-2026-2143

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromi...

8.3CVSS6.6AI score0.00478EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/06/24 6:17 p.m.•3 views

PYSEC-2026-2142

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS6.6AI score0.00384EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/06/24 2:1 p.m.•9 views

Malicious code in ensmallen (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08,malicious phantom releases of ensmallen were published to PyPI using stolencredentials. The package executes a bundled JavaScript payload via the Bunruntime on import that harvests and exfiltrates credentials and...

5.8AI score
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/24 1:16 p.m.•6 views

PYSEC-2026-229

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.8AI score0.00417EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/24 1:16 p.m.•5 views

PYSEC-0000-CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.8AI score0.00417EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/23 7:17 p.m.•4 views

PYSEC-2026-587

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...

7.5CVSS6AI score0.00267EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/23 7:17 p.m.•4 views

PYSEC-2026-588

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...

8.6CVSS6AI score0.00289EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/23 6:18 p.m.•8 views

PYSEC-2026-241

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.6.0, the Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False....

7.6CVSS5.8AI score0.00193EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•9 views

PYSEC-0000-CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

9.9CVSS5.9AI score0.0056EPSS
Exploits2References2Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•4 views

PYSEC-2026-221

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

9.9CVSS5.9AI score0.0056EPSS
Exploits2References2Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•4 views

PYSEC-2026-224

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS5.9AI score0.00332EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•5 views

PYSEC-0000-CVE-2026-55450

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS5.9AI score0.00332EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•5 views

PYSEC-0000-CVE-2026-55446

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•5 views

PYSEC-2026-223

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•8 views

PYSEC-0000-CVE-2026-55423

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

6.1CVSS5.8AI score0.00152EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•6 views

PYSEC-2026-222

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

6.1CVSS5.8AI score0.00152EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•8 views

PYSEC-2026-244

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" or "Public Flows" in code contains a potential arbitrary file-read vulnerability, depending on the exact flow configuration used. By making a flow public, public execution of...

6.1CVSS6AI score0.00269EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/06/23 5:17 p.m.•24 views

PYSEC-2026-243

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessi...

9.6CVSS6.2AI score0.00688EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/06/23 5:16 p.m.•6 views

PYSEC-2026-242

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow's /api/v1/monitor router exposes 7 endpoints that perform read, write, and delete operations on user-owned resources — messages, sessions, build artifacts, and LLM transaction logs — without...

8.8CVSS5.8AI score0.00291EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/06/23 1:16 p.m.•7 views

PYSEC-2026-228

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS6.4AI score0.00656EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/23 1:16 p.m.•7 views

PYSEC-2026-230

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS5.6AI score0.00195EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/23 1:16 p.m.•5 views

PYSEC-0000-CVE-2026-56263

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS5.6AI score0.00195EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/23 1:16 p.m.•8 views

PYSEC-0000-CVE-2026-56258

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS6.4AI score0.00656EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/22 11:16 p.m.•4 views

PYSEC-2026-227

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/06/22 11:16 p.m.•4 views

PYSEC-2026-226

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/22 11:16 p.m.•4 views

PYSEC-0000-CVE-2026-54232

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

8.8CVSS6.2AI score0.00304EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/06/22 11:16 p.m.•4 views

PYSEC-0000-CVE-2026-48746

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS5.9AI score0.01014EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/22 11:16 p.m.•3 views

PYSEC-2026-2300

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

7.5CVSS6.5AI score0.00484EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2026/06/22 11:16 p.m.•3 views

PYSEC-2026-2301

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS6.1AI score0.00146EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2026/06/22 10:16 p.m.•4 views

PYSEC-2026-596

Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reac...

9.2CVSS6.1AI score0.00276EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/22 10:16 p.m.•3 views

PYSEC-2026-2294

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

6.5CVSS6.1AI score0.00272EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/22 10:16 p.m.•12 views

PYSEC-2026-251

WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect target to the request URI using Python's urljoin, and since Python 3.10 the underlying urlsplit stri...

6.1CVSS6.4AI score0.00497EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/06/22 9:16 p.m.•5 views

PYSEC-2026-2119

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The...

5.4CVSS6.2AI score0.0016EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/22 7:17 p.m.•3 views

PYSEC-2026-2192

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...

5.5CVSS6.1AI score0.00157EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/22 7:17 p.m.•5 views

PYSEC-2026-2078

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments...

7.5CVSS6.1AI score0.00378EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•4 views

PYSEC-2026-2109

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS6.1AI score0.00178EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•4 views

PYSEC-2026-2110

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send...

8.7CVSS6.1AI score0.00322EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•4 views

PYSEC-2026-2111

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...

8.7CVSS6.1AI score0.00279EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•3 views

PYSEC-2026-2113

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

7.5CVSS6.1AI score0.00281EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•5 views

PYSEC-2026-237

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the serverhostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, but with different per-request serverhostname...

7.5CVSS5.8AI score0.00266EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•12 views

PYSEC-2026-248

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•12 views

PYSEC-2026-249

Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form accepts maxfields and maxpartsize to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•4 views

PYSEC-2026-2112

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

7.5CVSS6.1AI score0.00279EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•5 views

PYSEC-2026-2107

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...

8.7CVSS6.1AI score0.00279EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•3 views

PYSEC-2026-2108

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS6.1AI score0.00305EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/22 6:16 p.m.•3 views

PYSEC-2026-2106

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

7.5CVSS6.1AI score0.00301EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/21 2:16 p.m.•7 views

PYSEC-2026-239

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

9.8CVSS5.8AI score0.00407EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/21 2:16 p.m.•6 views

PYSEC-2026-246

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS5.9AI score0.00276EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/21 2:16 p.m.•8 views

PYSEC-2026-247

picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute remote code when loaded via pickle.load...

8.1CVSS6.2AI score0.00338EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities7044