Lucene search
+L

7044 matches found

PyPA
PyPA
added 2026/03/27 1:16 a.m.20 views

PYSEC-2026-106

OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the getgitdiff method at openhands/runtime/utils/githandler.py:134. The path parameter from the /api/conversations/conversationid/git/diff API endpoint is passed unsanitized to ...

9.9CVSS6.1AI score0.01892EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2026/03/27 12:16 a.m.7 views

PYSEC-2026-2297

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode trustremotecode=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This...

8.8CVSS7.3AI score0.01364EPSS
Exploits0References16Affected Software1
PyPA
PyPA
added 2026/03/26 10:16 p.m.3 views

PYSEC-2026-2285

Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery SSRF vulnerability. The vulnerability arises from improper validation of attacker-supplied...

4.8CVSS6.1AI score0.00282EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/03/26 5:16 p.m.15 views

PYSEC-2026-27

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...

7.3CVSS5.8AI score0.00132EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/03/25 7:16 p.m.3 views

PYSEC-2026-2223

Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...

7.2CVSS6.2AI score0.00566EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/25 7:16 p.m.4 views

PYSEC-2026-2278

An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signeddata.py and the context.py components...

8.8CVSS6.1AI score0.00343EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/03/25 5:16 p.m.2 views

PYSEC-2026-2275

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

5.5CVSS6.1AI score0.00182EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/03/24 8:16 p.m.5 views

PYSEC-2026-2233

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

7.5CVSS6.1AI score0.00599EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/03/24 8:16 p.m.14 views

PYSEC-2026-122

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

6.5CVSS5.9AI score0.00183EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2026/03/24 3:35 p.m.22 views

Two litellm versions published containing credential harvesting malware

After an API Token exposure from an exploited Trivy dependency,two new releases of litellm were uploaded to PyPI containing automatically activated malware,harvesting sensitive credentials and files, and exfiltrating to a remote API.The malicious code runs during importing any module from the...

5.9AI score
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/03/24 2:16 p.m.14 views

PYSEC-2026-81

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.08847EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2026/03/24 2:16 p.m.12 views

PYSEC-2026-80

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

7.5CVSS5.8AI score0.05838EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2026/03/24 2:16 p.m.2 views

PYSEC-2026-2185

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS6.1AI score0.00428EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2026/03/24 1:16 p.m.16 views

PYSEC-2026-79

Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1.2.0 through 1.8.1 have a bypass of the patch for CVE-2025-68478 External Control of File Name, leading to the root architectural issue within LocalStorageService remaining unresolved. Because the underlying...

9.9CVSS5.9AI score0.03631EPSS
Exploits2References1Affected Software1
PyPA
PyPA
added 2026/03/23 11:17 p.m.2 views

PYSEC-2026-2184

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

8.8CVSS6.2AI score0.00782EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/03/23 7:16 p.m.2 views

PYSEC-2026-2123

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

7.5CVSS6.9AI score0.00417EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2026/03/22 5:16 a.m.12 views

PYSEC-2026-139

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The projec...

7.8CVSS5.6AI score0.00239EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/03/22 1:16 a.m.12 views

PYSEC-2026-39

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash...

6.9CVSS6AI score0.00178EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2026/03/22 1:16 a.m.11 views

PYSEC-2026-38

Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash...

6.9CVSS6AI score0.00177EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2026/03/20 11:16 p.m.3 views

PYSEC-2026-2237

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, the NLTK downloader does not validate the subdir and id attributes when processing remote XML index...

8.1CVSS7.1AI score0.00498EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/03/20 11:16 p.m.2 views

PYSEC-2026-2235

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp contains a reflected cross-site scripting issue in the lookup... route. A crafted...

6.1CVSS7.1AI score0.00331EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/20 11:16 p.m.3 views

PYSEC-2026-2236

NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server whe...

7.5CVSS6.7AI score0.00875EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2026/03/20 9:17 p.m.2 views

PYSEC-2026-2147

dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection SSTI due to unsafe template evaluation in the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in...

8.1CVSS6AI score0.00526EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/20 7:16 a.m.12 views

PYSEC-2026-78

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the deleteapikeyroute endpoint accepts an apikeyid path parameter and deletes it with only a generic authentication check getcurrentactiveuser dependency. However, the deleteapikey CRUD...

8.8CVSS5.8AI score0.0039EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2026/03/20 2:16 a.m.3 views

PYSEC-2026-2292

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent...

7.5CVSS7.1AI score0.00469EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2026/03/20 2:16 a.m.2 views

PYSEC-2026-2291

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.4.0 through 5.11.0 contain an accumulating memory leak in JSON parsing large outside of the range -2^63, 2^64 - 1 integers. The leaked memory is a copy of the string form of the integer plus a...

7.5CVSS6.9AI score0.00479EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/03/20 2:16 a.m.2 views

PYSEC-2026-2266

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8CVSS6.1AI score0.00279EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/19 9:17 p.m.2 views

PYSEC-2026-2247

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

9.8CVSS6.1AI score0.01192EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2026/03/18 10:16 p.m.2 views

PYSEC-2026-2203

Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...

6.1CVSS6.2AI score0.00302EPSS
Exploits2References3Affected Software1
PyPA
PyPA
added 2026/03/18 6:16 p.m.3 views

PYSEC-2026-2172

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

8.1CVSS6.6AI score0.00282EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/18 6:16 p.m.4 views

PYSEC-2026-2171

Glances is an open-source system cross-platform monitoring tool. Glances recently added DNS rebinding protection for the MCP endpoint, but prior to version 4.5.2, the main REST/WebUI FastAPI application still accepts arbitrary Host headers and does not apply TrustedHostMiddleware or an equivalent...

5.9CVSS6.2AI score0.0016EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/18 6:16 p.m.4 views

PYSEC-2026-2170

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS6.6AI score0.00325EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/18 5:16 p.m.2 views

PYSEC-2026-2169

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...

8.1CVSS6.9AI score0.00339EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/18 3:16 p.m.2 views

PYSEC-2026-2168

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

7.5CVSS7AI score0.00499EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/18 7:16 a.m.2 views

PYSEC-2026-2167

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...

7CVSS7.1AI score0.00243EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/18 6:16 a.m.4 views

PYSEC-2026-2166

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

8.7CVSS7AI score0.0155EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/18 4:17 a.m.2 views

PYSEC-2026-2263

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested SEQUENC...

7.5CVSS6.7AI score0.00803EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2026/03/18 2:16 a.m.14 views

PYSEC-2026-103

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

9.1CVSS5.7AI score0.00318EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2026/03/18 12:16 a.m.2 views

PYSEC-2026-2268

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS6.1AI score0.00241EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/03/18 12:16 a.m.3 views

PYSEC-2026-2269

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....

9.8CVSS6.4AI score0.00704EPSS
Exploits0References23Affected Software1
PyPA
PyPA
added 2026/03/17 8:16 p.m.15 views

PYSEC-2026-130

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

8.7CVSS7.3AI score0.00929EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2026/03/17 4:16 p.m.12 views

PYSEC-2026-117

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2026/03/17 11:16 a.m.17 views

PYSEC-2026-16

Apache Airflow versions 3.1.0 through 3.1.7session token token in cookies is set to path=/ regardless of the configured webserver baseurl or api baseurl. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full...

7.5CVSS5.4AI score0.00677EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/03/17 11:16 a.m.12 views

PYSEC-2026-17

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance.Users are recommended to upgrade to...

8.1CVSS5.8AI score0.00409EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/03/17 11:16 a.m.12 views

PYSEC-2026-14

Apache Airflow versions 3.0.0 through 3.1.7FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned.Users are...

6.5CVSS5.8AI score0.00406EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/03/17 11:16 a.m.12 views

PYSEC-2026-15

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view.Users are recommended to...

4.3CVSS5.8AI score0.0044EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/03/16 6:16 p.m.3 views

PYSEC-2026-2117

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...

9.1CVSS6.9AI score0.00226EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added 2026/03/16 6:16 p.m.2 views

PYSEC-2026-2116

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption JWE RSA15 key management algorithm. Authlib registe...

8.3CVSS6.6AI score0.00142EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2026/03/16 5:16 p.m.22 views

PYSEC-2026-162

Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions = 0.2.14 and 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context.To...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/03/16 2:19 p.m.12 views

PYSEC-2026-132

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

9.8CVSS7.3AI score0.00524EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities7044