Lucene search
+L

7044 matches found

PyPA
PyPA
•added 2026/06/21 2:16 p.m.•7 views

PYSEC-2026-245

picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils.configmodule.loadconfig function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but executes during pickle.load, enabling remote code execution in supply...

8.1CVSS6.5AI score0.00397EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/20 7:16 p.m.•6 views

PYSEC-2026-250

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.8CVSS7AI score0.00849EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/20 4:17 p.m.•7 views

PYSEC-2026-225

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS6AI score0.00288EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/20 4:17 p.m.•5 views

PYSEC-0000-CVE-2026-56304

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS6AI score0.00288EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/17 8:17 p.m.•4 views

PYSEC-2026-2280

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an...

5.3CVSS6AI score0.00213EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/17 7:18 p.m.•4 views

PYSEC-2026-2281

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \\attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS6.1AI score0.00368EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2026/06/17 1:20 p.m.•9 views

PYSEC-0000-CVE-2026-50203

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS5.4AI score0.00626EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/17 1:20 p.m.•8 views

PYSEC-2026-218

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS5.3AI score0.00626EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2026/06/17 10:55 a.m.•3 views

PYSEC-2026-2194

LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...

9.1CVSS6AI score0.00216EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/12 6:16 p.m.•8 views

PYSEC-2026-217

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.8CVSS5.5AI score0.00316EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/11 2:16 p.m.•4 views

PYSEC-2026-2324

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS7.1AI score0.00518EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/06/11 10:16 a.m.•5 views

PYSEC-2026-2302

vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...

7.5CVSS7AI score0.00543EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2026/06/10 10:16 p.m.•3 views

PYSEC-2026-2190

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

8.7CVSS6.1AI score0.00348EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2026/06/10 10:16 p.m.•4 views

PYSEC-2026-2191

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...

8.7CVSS6.1AI score0.00517EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 2026/06/09 11:16 p.m.•10 views

PYSEC-2026-210

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/09 11:16 p.m.•10 views

PYSEC-2026-209

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/09 7:34 p.m.•20 views

durabletask 1.4.1, 1.4.2, and 1.4.3 contain malicious code distributed via a compromised maintainer account

durabletask versions 1.4.1, 1.4.2, and 1.4.3 were published on 2026-05-19 within a35-minute window through a compromised PyPI maintainer account and contained malicious code.On import, the package fetched a remote payload rope.pyz from anattacker-controlled host and executed it.The payload was a...

5.8AI score
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/06/09 4:43 p.m.•7 views

PYSEC-2026-220

Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...

6.5CVSS6.4AI score0.01475EPSS
Exploits1References17Affected Software1
PyPA
PyPA
•added 2026/06/09 4:43 p.m.•7 views

PYSEC-2026-219

Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...

6.5CVSS6.4AI score0.01475EPSS
Exploits1References17Affected Software1
PyPA
PyPA
•added 2026/06/09 9:16 a.m.•8 views

PYSEC-2026-208

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

6.5CVSS5.5AI score0.00695EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/05 11:16 p.m.•9 views

PYSEC-0000-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.2AI score0.00408EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/05 11:16 p.m.•16 views

PYSEC-2026-215

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

7.5CVSS6.1AI score0.01386EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/06/05 8:17 p.m.•9 views

PYSEC-0000-CVE-2026-45758

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

9.6CVSS5.5AI score0.00276EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/05 8:17 p.m.•12 views

PYSEC-2026-206

Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...

9.6CVSS5.5AI score0.00276EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/05 12:17 a.m.•7 views

PYSEC-2026-216

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS5.2AI score0.00433EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/04 3:16 p.m.•6 views

PYSEC-2026-2284

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly counts static aliases within the AST it does not...

5.3CVSS6.1AI score0.00417EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/04 3:16 p.m.•4 views

PYSEC-2026-2282

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

4.3CVSS6.1AI score0.00218EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/06/04 3:16 p.m.•3 views

PYSEC-2026-2283

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detection in fragment spreads. When a query contains circular fragment references the determinedepth...

5.3CVSS6.1AI score0.00296EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/06/04 12:16 p.m.•9 views

PYSEC-0000-CVE-2026-10804

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a...

4.7CVSS4.2AI score0.00083EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/06/04 12:16 p.m.•11 views

PYSEC-2026-212

A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation leads to use of weak hash. Local access is required to approach this attack. The attack requires a...

4.7CVSS4.5AI score0.00083EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2026/06/04 12:16 p.m.•10 views

PYSEC-0000-CVE-2026-10803

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS4.7AI score0.00103EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/06/04 12:16 p.m.•12 views

PYSEC-2026-195

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS4.7AI score0.00103EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/06/04 12:16 a.m.•9 views

PYSEC-0000-CVE-2026-10783

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

2.5CVSS4AI score0.00106EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/06/04 12:16 a.m.•11 views

PYSEC-2026-211

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

2.5CVSS4.8AI score0.00106EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•21 views

PYSEC-2026-201

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

5.3CVSS5.4AI score0.00285EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•27 views

PYSEC-2026-200

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read emai...

3.1CVSS5.4AI score0.0015EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•16 views

PYSEC-2026-199

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one where...

4.3CVSS5.4AI score0.00245EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•9 views

PYSEC-2026-2290

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

9.6CVSS7.4AI score0.00531EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•15 views

PYSEC-2026-198

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.utils.cache.hasvaryheader in Django does not strip leading or trailing whitespace from Vary response header values before comparison, which allows remote attackers to read cached responses via requests to URLs whose...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•8 views

PYSEC-2026-213

daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 unlimited, an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...

7.5CVSS5.3AI score0.00328EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•9 views

PYSEC-0000-CVE-2026-44545

daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 unlimited, an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...

7.5CVSS5.3AI score0.00328EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•9 views

PYSEC-0000-CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.5AI score0.00172EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•9 views

PYSEC-2026-214

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.4AI score0.00172EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/03 2:16 p.m.•21 views

PYSEC-2026-197

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6.django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

3.1CVSS5.4AI score0.00359EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/06/03 9:16 a.m.•3 views

PYSEC-2026-2222

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

9.1CVSS7.3AI score0.00435EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/06/02 10:16 p.m.•13 views

PYSEC-2026-203

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/06/02 8:16 p.m.•3 views

PYSEC-2026-2105

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS6.1AI score0.0015EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/06/02 8:16 p.m.•3 views

PYSEC-2026-2104

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...

7.3CVSS7.1AI score0.00128EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2026/06/02 9:16 a.m.•4 views

PYSEC-2026-2261

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS7AI score0.00476EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/06/01 5:17 p.m.•69 views

PYSEC-2026-196

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS5.4AI score0.0032EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities7044