Vulnerabilities

Recent vulnerabilities

Recent vulnerabilities from 🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.

PySec 🐍

Recent vulnerabilities · 5570 entries
ID Severity Description Package Published Updated
pysec-2026-2030
5.1 (4.0)
### Impact Due to a missing permission check on the preview endpoints, a user with access… wagtail 2026-07-07T16:42:05.813187Z 2026-07-07T17:25:48.981556Z
pysec-2026-1224
8.4 (3.1)
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading fu… boltz 2026-07-07T16:42:05.657818Z 2026-07-07T17:23:51.799657Z
pysec-2026-1888
7.2 (3.1)
8.7 (4.0)
### Summary SageMaker Python SDK is an open source library for training and deploying ma… sagemaker 2026-07-07T16:42:05.574892Z 2026-07-07T17:25:19.561157Z
pysec-2026-1886
5.9 (3.1)
8.7 (4.0)
### Summary SageMaker Python SDK is an open source library for training and deploying mac… sagemaker 2026-07-07T16:42:05.484460Z 2026-07-07T17:25:19.341097Z
pysec-2026-1789
8.9 (4.0)
### Summary An unsafe deserialization vulnerability allows any unauthenticated user to e… picklescan 2026-07-07T16:42:05.209907Z 2026-07-07T17:25:02.512311Z
pysec-2026-1491
5.4 (3.1)
### Summary An IDOR in the Notion OAuth callback allows an attacker to hijack any user's … khoj 2026-07-07T16:36:56.149951Z 2026-07-07T17:24:25.678066Z
pysec-2026-1796
2.0 (4.0)
When pip is installing and extracting a maliciously crafted wheel archive, files may be e… pip 2026-07-07T16:36:56.040886Z 2026-07-07T17:25:03.454323Z
pysec-2026-1075
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… tiktoken-mcp 2026-07-07T16:26:46Z 2026-07-07T16:26:46Z
pysec-2026-1074
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… ray-mcp-server 2026-07-07T16:19:27Z 2026-07-07T16:19:27Z
pysec-2026-1073
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… orchestr8-platform 2026-07-07T16:16:21Z 2026-07-07T16:16:21Z
pysec-2026-1072
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… openai-mcp 2026-07-07T16:12:30Z 2026-07-07T16:12:30Z
pysec-2026-1071
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… mem8 2026-07-07T16:09:47Z 2026-07-07T16:09:47Z
pysec-2026-1070
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… langchain-core-mcp 2026-07-07T16:04:20Z 2026-07-07T16:04:20Z
pysec-2026-1965
7.5 (3.1)
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthentic… text-generation 2026-07-07T16:03:21.466506Z 2026-07-07T17:25:41.621325Z
pysec-2026-1639
7.0 (3.1)
In mlflow version 2.20.3, the temporary directory used for creating Python virtual enviro… mlflow 2026-07-07T16:03:21.413817Z 2026-07-07T17:24:41.914330Z
pysec-2026-1560
5.3 (3.1)
The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from … llama-index-core 2026-07-07T16:03:21.353538Z 2026-07-07T17:24:33.333405Z
pysec-2026-1586
8.2 (3.1)
A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version… lollms 2026-07-07T16:03:21.287571Z 2026-07-07T17:24:35.833438Z
pysec-2026-1894
7.8 (3.1)
7.3 (4.0)
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially cra… salt 2026-07-07T16:03:21.219152Z 2026-07-07T17:25:20.589148Z
pysec-2026-1902
6.2 (3.1)
7.5 (4.0)
Salt contains an authentication protocol version downgrade weakness that can allow a mali… salt 2026-07-07T16:03:21.156662Z 2026-07-07T17:25:21.300231Z
pysec-2026-1572
3.2 (3.1)
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in th… llama-stack 2026-07-07T16:03:21.074750Z 2026-07-07T17:24:34.683728Z
pysec-2026-1294
7.5 (3.1)
8.7 (4.0)
### Summary The compressed data parser uses `zlib.decompress()` without a maximum output … dfir-unfurl 2026-07-07T16:03:21.008991Z 2026-07-07T17:24:00.300957Z
pysec-2026-1078
8.6 (4.0)
### Summary AutoGPT Platform's block execution endpoints (both main web API and external… agpt 2026-07-07T16:03:20.951862Z 2026-07-07T17:23:33.464384Z
pysec-2026-2020
7.1 (3.1)
### Summary A Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnec… vllm 2026-07-07T16:03:20.898386Z 2026-07-07T17:25:47.810776Z
pysec-2026-1856
8.8 (3.1)
### Summary A vulnerability in PyTorch's `weights_only` unpickler allows an attacker to … pytorch 2026-07-07T16:03:20.837738Z 2026-07-07T17:25:15.153263Z
pysec-2026-1716
5.9 (3.1)
6.0 (4.0)
### Impact OctoPrint versions up to and including 1.11.5 are affected by a (theoretical)… octoprint 2026-07-07T16:03:20.785868Z 2026-07-07T17:24:53.289854Z
pysec-2026-1193
5.3 (4.0)
All versions of askbot before and including 0.12.2 allow an attacker authenticated with n… askbot 2026-07-07T16:03:20.731805Z 2026-07-07T17:23:47.347558Z
pysec-2026-1827
5.1 (4.0)
### Impact An attacker who uses this vulnerability can craft a PDF which leads to an inf… pypdf 2026-07-07T16:03:20.675725Z 2026-07-07T17:25:12.724293Z
pysec-2026-1668
8.1 (3.1)
### Summary A Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest… mobsf 2026-07-07T16:03:20.612144Z 2026-07-07T17:24:44.561173Z
pysec-2026-1400
5.3 (3.1)
A vulnerability was discovered in Gakido that allowed HTTP Header Injection through CRLF … gakido 2026-07-07T16:03:20.559426Z 2026-07-07T17:24:11.115334Z
pysec-2026-1852
8.6 (3.1)
### Summary A Path Traversal vulnerability exists when using non-default configuration o… python-multipart 2026-07-07T16:03:20.509610Z 2026-07-07T17:25:14.687761Z