Lucene search
+L

7044 matches found

PyPA
PyPA
•added 2026/04/07 7:16 a.m.•14 views

PYSEC-2026-170

In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens JWT. This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret key. Once the...

9.8CVSS7.3AI score0.0054EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/04/07 6:16 a.m.•3 views

PYSEC-2026-2288

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The loadrngstate method in src/transformers/trainer.py at line 3059 calls torch.load without the weightsonly=True parameter. This issue affects all versions of the...

7.8CVSS6.9AI score0.00349EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/04/06 6:16 p.m.•12 views

PYSEC-2026-72

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

9.8CVSS6.6AI score0.00714EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/04/06 6:16 p.m.•11 views

PYSEC-2026-71

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

8.1CVSS5.8AI score0.00327EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/04/06 6:16 p.m.•11 views

PYSEC-2026-159

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generatecontainerfile in src/bentoml/internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extensio...

9.6CVSS6AI score0.00392EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/04/06 6:16 p.m.•9 views

PYSEC-2026-158

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...

7.8CVSS6.5AI score0.00315EPSS
Exploits2References1Affected Software1
PyPA
PyPA
•added 2026/04/06 4:16 p.m.•11 views

PYSEC-2026-144

vLLM is an inference and serving engine for large language models LLMs. From 0.7.0 to before 0.19.0, the VideoMediaIO.loadbase64 method at vllm/multimodal/media/video.py splits video/jpeg data URLs by comma to extract individual JPEG frames, but does not enforce a frame count limit. The numframes...

6.5CVSS5.9AI score0.00378EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/04/06 4:16 p.m.•2 views

PYSEC-2026-2298

vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...

6.5CVSS6.1AI score0.00346EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 2026/04/03 11:17 p.m.•2 views

PYSEC-2026-2204

Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession o...

7.5CVSS6AI score0.00721EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/04/03 10:16 p.m.•3 views

PYSEC-2026-2188

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an...

6.1CVSS6.1AI score0.00224EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/04/03 10:16 p.m.•2 views

PYSEC-2026-2238

OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email i...

8.8CVSS6AI score0.00438EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/03 4:16 a.m.•4 views

PYSEC-2026-2287

In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS6.4AI score0.00237EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/02 8:16 p.m.•3 views

PYSEC-2026-2299

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...

7.1CVSS6AI score0.00267EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2026/04/02 7:21 p.m.•3 views

PYSEC-2026-2134

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

4.4CVSS6AI score0.00383EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/04/02 7:21 p.m.•2 views

PYSEC-2026-2135

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's externaldata feature allows a template to load YAML files using template-controlled paths. If untrusted templates are in scope, a malicious template can read attacker-chosen YAML-parseable local fil...

5.5CVSS6AI score0.00287EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/04/02 6:16 p.m.•2 views

PYSEC-2026-2260

Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. It is reachable from untrusted package...

7.1CVSS6.8AI score0.00468EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2026/04/02 3:16 p.m.•2 views

PYSEC-2026-2174

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6.2AI score0.00866EPSS
Exploits3References3Affected Software1
PyPA
PyPA
•added 2026/04/02 3:16 p.m.•2 views

PYSEC-2026-2173

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

7.1CVSS6.1AI score0.00409EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/04/01 9:17 p.m.•2 views

PYSEC-2026-2152

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

8.2CVSS6.2AI score0.00324EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2026/04/01 9:17 p.m.•2 views

PYSEC-2026-2101

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS6AI score0.00292EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 9:17 p.m.•3 views

PYSEC-2026-2102

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser the default for most installs accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4...

9.1CVSS6AI score0.00461EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 9:17 p.m.•2 views

PYSEC-2026-2100

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4...

6.9CVSS6AI score0.00337EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 9:17 p.m.•2 views

PYSEC-2026-2103

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4...

6.3CVSS6AI score0.00288EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2026/04/01 9:16 p.m.•2 views

PYSEC-2026-2095

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13.4...

7.5CVSS6.3AI score0.0044EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 9:16 p.m.•2 views

PYSEC-2026-2099

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. This issue has been patched in version 3.13.4...

6.9CVSS6AI score0.00384EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 9:16 p.m.•2 views

PYSEC-2026-2096

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the contenttype parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been patched in version 3.13.4...

6.9CVSS6AI score0.00315EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 9:16 p.m.•3 views

PYSEC-2026-2098

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerability. This issue has been patched in version 3.13....

8.7CVSS6AI score0.0044EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 9:16 p.m.•2 views

PYSEC-2026-2097

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4...

8.7CVSS6.1AI score0.00433EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 9:16 p.m.•3 views

PYSEC-2026-2094

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

7.5CVSS6AI score0.0044EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 7:16 p.m.•3 views

PYSEC-2026-2131

ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc and similar file-access primitives. Attackers can exploit th...

7.1CVSS6.2AI score0.00282EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 6:16 p.m.•12 views

PYSEC-2026-104

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0...

5.5CVSS5.7AI score0.00248EPSS
Exploits1References1Affected Software1
PyPA
PyPA
•added 2026/04/01 6:16 p.m.•2 views

PYSEC-2026-2240

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...

8.6CVSS6AI score0.00288EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/04/01 6:16 p.m.•2 views

PYSEC-2026-2241

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2026/04/01 6:16 p.m.•3 views

PYSEC-2026-2239

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0...

8.7CVSS7AI score0.00593EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2026/03/31 10:16 p.m.•3 views

PYSEC-2026-2115

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the async local filesystem memory tool in the Anthropic Python SDK validated that model-supplied paths resolved inside the sandboxed memory directory, but then...

5.8CVSS6AI score0.00138EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/03/31 10:16 p.m.•2 views

PYSEC-2026-2114

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS6AI score0.00122EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2026/03/31 8:16 p.m.•2 views

PYSEC-2026-2224

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...

4.3CVSS6.1AI score0.00245EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2026/03/31 4:16 p.m.•3 views

PYSEC-2026-2279

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML...

6.1CVSS6.1AI score0.00227EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/03/31 3:15 a.m.•22 views

PYSEC-2026-35

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.7AI score0.00154EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2026/03/31 3:15 a.m.•2 views

PYSEC-2026-2193

LangChain is a framework for building agents and LLM-powered applications. Prior to version 1.2.22, multiple functions in langchaincore.prompts.loading read files from paths embedded in deserialized config dicts without validating against directory traversal or absolute path injection. When an...

7.5CVSS7.1AI score0.01204EPSS
Exploits2References8Affected Software1
PyPA
PyPA
•added 2026/03/31 3:15 a.m.•2 views

PYSEC-2026-2277

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

8.1CVSS6AI score0.00516EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2026/03/31 3:15 a.m.•8 views

PYSEC-2026-2276

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

8.1CVSS6AI score0.00389EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/03/29 6:16 p.m.•9 views

PYSEC-0000-CVE-2026-0562

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS7.3AI score0.00268EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/03/29 6:16 p.m.•11 views

PYSEC-2026-204

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS7.3AI score0.00268EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/03/29 6:16 p.m.•2 views

PYSEC-2026-2199

A Server-Side Request Forgery SSRF vulnerability exists in parisneo/lollms versions prior to 2.2.0, specifically in the /api/files/export-content endpoint. The downloadimagetotemp function in backend/routers/files.py fails to validate user-controlled URLs, allowing attackers to make arbitrary HTT...

7.5CVSS7.2AI score0.01765EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/03/29 6:16 p.m.•2 views

PYSEC-2026-2198

A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...

9.8CVSS6.9AI score0.0043EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2026/03/27 10:16 p.m.•3 views

PYSEC-2026-2130

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...

8.3CVSS6.1AI score0.00475EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2026/03/27 9:17 p.m.•10 views

PYSEC-2026-82

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...

9.9CVSS6.1AI score0.01426EPSS
Exploits1References16Affected Software1
PyPA
PyPA
•added 2026/03/27 2:53 p.m.•18 views

Two telnyx versions published containing credential harvesting malware

After an API token exposure from an exploited Trivy dependency,two new releases of telnyx were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Compromised versions execute code during importing the telnyx...

6.1AI score
Exploits0References4Affected Software1
PyPA
PyPA
•added 2026/03/27 1:16 a.m.•11 views

PYSEC-2026-157

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

7.8CVSS6AI score0.00257EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities7044