Skip to main content

Python

2165 CVEs product

Monthly

CVE-2026-32112 PyPI MEDIUM PATCH This Month

Medium severity vulnerability in Home Assistant MCP. #

Python XSS Home Assistant Mcp Server
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-31958 PyPI HIGH PATCH GHSA This Week

In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.

Python Denial Of Service Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-31900 PyPI PATCH Monitor

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code.

Python Github
NVD GitHub VulDB
EPSS
0.1%
CVE-2026-31826 PyPI MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. versions up to 6.8.0 is affected by allocation of resources without limits or throttling.

Python Denial Of Service Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31815 PyPI MEDIUM PATCH This Month

Unicorn adds modern reactive component functionality to your Django templates. versions up to 0.67.0 is affected by improper access control (CVSS 5.3).

Python Authentication Bypass Unicorn
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29787 PyPI MEDIUM POC PATCH This Month

The /api/health/detailed endpoint in mcp-memory-service prior to version 10.21.0 discloses sensitive system information including OS details, Python version, CPU configuration, memory metrics, and database paths to unauthenticated network users when anonymous access is enabled. Public exploit code exists for this information disclosure vulnerability, which affects deployments using the default 0.0.0.0 network binding. A patch is available in version 10.21.0 to restrict endpoint access and redact sensitive data.

Python AI / ML Mcp Memory Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-29780 PyPI MEDIUM POC PATCH This Month

Unsanitized attachment filenames in eml_parser prior to version 2.0.1 enable path traversal attacks, allowing attackers to write files outside the intended output directory when the example extraction script processes malicious emails. Organizations using the vulnerable example code or similar attachment handling logic are at risk of unauthorized file writes that could overwrite critical files or introduce malicious content. Public exploit code exists for this vulnerability, and a patch is available in version 2.0.1 and later.

Python Path Traversal Eml Parser
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-29778 PyPI HIGH POC PATCH GHSA This Week

Path traversal in pyLoad versions 0.5.0b3.dev13 through 0.5.0b3.dev96 allows authenticated attackers to manipulate package folder locations through insufficient sanitization of the pack_folder parameter, bypassing directory traversal protections with recursive sequences. An attacker can exploit this to write files outside intended directories, causing data integrity issues and potential denial of service. Public exploit code exists for this vulnerability and no patch is currently available.

Python Pyload Ng
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-29186 npm CRITICAL PATCH Act Now

Arbitrary code execution in Backstage's @backstage/plugin-techdocs-node (versions <= 1.14.2) allows attackers who can influence an mkdocs.yml file to run arbitrary Python during the documentation build, bypassing TechDocs' allowlist-based configuration filtering. The flaw stems from MkDocs configuration keys (notably the hooks feature) that the security allowlist failed to block, meaning any contributor able to merge or supply a crafted mkdocs.yml gains code execution on the build host. No public exploit identified at time of analysis, and EPSS is low (0.07%), but the CVSS 9.8 rating and trivial exploitation primitive make this a high-priority patch for self-hosted developer portals.

Python Backstage Plugin Techdocs Node RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-29075 HIGH PATCH This Week

Unsafe checkout of untrusted code in Mesa's benchmarks.yml GitHub Actions workflow prior to version 3.5.1 enables arbitrary code execution with elevated privileges on CI/CD runners. An attacker can exploit this by submitting malicious pull requests to execute commands in the privileged runner environment, potentially compromising the build pipeline and downstream users. A patch is available in commit c35b8cd.

Python AI / ML Mesa
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-28804 PyPI MEDIUM PATCH This Month

pypdf versions prior to 6.7.5 are vulnerable to denial-of-service attacks where specially crafted PDF files with ASCIIHexDecode filtered streams can cause excessive processing time and application hang. An unauthenticated attacker can exploit this by providing a malicious PDF that consumes significant computational resources when processed. A patch is available in version 6.7.5 and later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-28802 PyPI HIGH POC PATCH This Week

Authentication bypass in Authlib (Python OAuth/OpenID Connect library) versions 1.6.5 through 1.6.6 allows remote attackers to forge JWTs by supplying a token with 'alg: none' and an empty signature, which the library accepts as valid during signature verification. Because the integrity check is silently bypassed, an attacker can craft tokens with arbitrary claims and impersonate any identity. Publicly available exploit code exists (regression-test based, via the GitHub Security Advisory), but EPSS is only 0.02% (6th percentile) and the issue is not in CISA KEV - no public exploit identified as actively used at time of analysis.

Python Authlib Information Disclosure Jwt Attack
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2026-28277 PyPI MEDIUM PATCH This Month

LangGraph SQLite Checkpoint versions 1.0.9 and prior are vulnerable to unsafe deserialization of msgpack-encoded objects, allowing attackers with write access to the checkpoint database to execute arbitrary code when checkpoints are loaded. This vulnerability affects Python-based AI/ML applications using LangGraph's persistence layer and requires adversary control of the backing storage to exploit. No public patch is currently available for this issue.

Python Deserialization
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-69534 PyPI HIGH PATCH This Week

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. [CVSS 7.5 HIGH]

Python Denial Of Service Information Disclosure Markdown
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27932 PyPI HIGH POC PATCH This Week

Joserfc versions 1.6.2 and earlier fail to validate the PBES2 iteration count parameter in JWE tokens, allowing unauthenticated attackers to trigger CPU exhaustion by specifying arbitrarily large values in the p2c header field. An attacker can exploit this resource exhaustion vulnerability to cause denial of service against any system using the library to decrypt JWE tokens. Public exploit code exists for this vulnerability, and a patch is available.

Python Denial Of Service Joserfc Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27905 PyPI HIGH POC PATCH This Week

Arbitrary file write in BentoML prior to version 1.4.36 allows local attackers to write files to arbitrary locations on the host system by crafting malicious tar archives containing symlinks that point outside the extraction directory. The vulnerability exists because the safe_extract_tarfile() function fails to validate symlink targets, only validating the symlink path itself, enabling attackers to bypass directory traversal protections. Public exploit code exists for this vulnerability; users should upgrade to version 1.4.36 or later.

Python AI / ML Bentoml
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25673 PyPI HIGH PATCH This Week

Django URL field validation triggers excessive Unicode normalization on Windows when processing certain malicious Unicode characters, enabling remote attackers to cause denial of service through crafted URL inputs. Affected versions include Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29, with potential impact to unsupported series 5.0.x, 4.1.x, and 3.2.x. A patch is available for all affected supported versions.

Python Django Denial Of Service Microsoft
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-28416 PyPI HIGH PATCH GHSA This Week

Server-Side Request Forgery in Gradio prior to version 6.6.0 allows attackers to execute arbitrary HTTP requests through a victim's infrastructure by crafting a malicious Space with a poisoned proxy_url configuration. Applications that load untrusted Gradio Spaces via gr.load() are vulnerable to attacks targeting internal services, cloud metadata endpoints, and private networks. No patch is currently available for affected Python/ML applications.

Python SSRF AI / ML Gradio Red Hat
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-28415 PyPI MEDIUM PATCH This Month

Open redirect in Gradio's OAuth implementation allows unauthenticated attackers to redirect users to arbitrary external URLs through the unvalidated _target_url parameter on /logout and /login/callback endpoints in applications with OAuth enabled. This affects Gradio versions prior to 6.6.0 running on Hugging Face Spaces with gr.LoginButton, enabling phishing attacks or credential theft. The vulnerability has been patched in version 6.6.0 by sanitizing the parameter to only accept relative URLs.

Python AI / ML Gradio Hugging Face Red Hat
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28414 PyPI HIGH POC PATCH GHSA This Week

Gradio versions up to 6.7 contains a vulnerability that allows attackers to read arbitrary files from the file system (CVSS 7.5).

Windows Python Path Traversal AI / ML Gradio
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27167 PyPI NONE POC PATCH Awaiting Data

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g.

Python Hugging Face AI / ML
NVD GitHub
EPSS
0.1%
CVE-2026-28351 PyPI MEDIUM PATCH This Month

Crafted PDF files can trigger excessive memory consumption in pypdf versions before 6.7.4 when processing content streams with the RunLengthDecode filter, enabling denial-of-service attacks against applications using the library. An unauthenticated attacker can exploit this remotely by submitting a malicious PDF, causing the affected application to exhaust system memory. A patch is available in pypdf 6.7.4 and later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-28231 PyPI CRITICAL POC PATCH Act Now

Integer overflow in pillow_heif Python library before 1.3.0 leads to out-of-bounds read when processing HEIF images, potentially causing information disclosure or crashes. PoC and patch available.

Python Integer Overflow Denial Of Service Information Disclosure Pillow Heif +1
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-28211 HIGH This Week

Arbitrary code execution in NVDA Dev & Test Toolbox versions 2.0-8.0 through unsafe evaluation of Python expressions embedded in log files. An attacker can trick users into opening a malicious log file and reading it with the add-on's log reader commands, causing arbitrary code execution under the user's privileges without requiring elevated permissions or user interaction beyond opening the file.

Python
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27510 CRITICAL POC Act Now

Remote control vulnerability in Unitree Go2 robot dog firmware 1.1.7-1.1.11. The companion Android app allows remote attackers to take control of the robot. PoC available.

Android Python RCE SQLi Go2 Firmware
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-27509 HIGH POC This Week

Unitree Go2 robots running firmware versions V1.1.7-V1.1.9 and V1.1.11 (EDU) lack authentication controls on the DDS actuator API, allowing network-adjacent attackers to inject and execute arbitrary Python code as root by publishing a crafted message. Public exploit code exists for this vulnerability, which enables persistent code execution through controller keybindings that survive reboots. No patch is currently available.

Python Authentication Bypass
NVD VulDB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-27966 PyPI CRITICAL POC PATCH Act Now

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary code execution through crafted CSV files. EPSS 0.41% with PoC and patch available.

Python RCE Command Injection AI / ML Langflow +1
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-27952 PyPI HIGH POC PATCH This Week

Arbitrary code execution in Agenta-API prior to version 0.48.1 allows authenticated users to escape the RestrictedPython sandbox through unsafe whitelisting of the numpy package, enabling execution of arbitrary system commands on the API server. The vulnerability leverages numpy.ma.core.inspect to access Python introspection utilities and bypass sandbox restrictions. Public exploit code exists for this vulnerability, and no patch is currently available.

Python AI / ML Agenta
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27888 PyPI HIGH PATCH This Week

Denial of service in pypdf prior to version 6.7.3 allows remote attackers to exhaust system memory by crafting malicious PDF files that exploit FlateDecode-compressed streams accessed through the xfa property. The vulnerability requires no authentication or user interaction and affects any application processing untrusted PDF documents with the vulnerable library. Upgrade to pypdf 6.7.3 or later to remediate.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27809 PyPI CRITICAL POC PATCH Act Now

Integer overflow in psd-tools Python library before 1.12.2 when processing malformed RLE-compressed PSD files leads to heap overflow. PoC and patch available.

Adobe Python Denial Of Service Psd Tools
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-27494 npm CRITICAL PATCH Act Now

Python sandbox escape in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Users who can modify workflows can escape the Python Code node sandbox for full host compromise on instances using internal Task Runners.

Python AI / ML N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-27628 PyPI HIGH PATCH This Week

Pypdf versions up to 6.7.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-27156 PyPI MEDIUM PATCH This Month

NiceGUI versions prior to 3.8.0 are vulnerable to stored cross-site scripting (XSS) through multiple APIs that improperly handle user-controlled method names, allowing attackers to inject arbitrary JavaScript that executes in victims' browsers. The vulnerability stems from unsafe use of eval() and string interpolation in Element.run_method(), AgGrid.run_grid_method(), EChart.run_chart_method(), and related functions. A patch is available in version 3.8.0 and later.

Python Nicegui
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-26331 PyPI HIGH POC PATCH This Week

yt-dlp is a command-line audio/video downloader. [CVSS 8.8 HIGH]

Python Command Injection Yt Dlp Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-26198 PyPI CRITICAL POC PATCH Act Now

SQL injection in Ormar async ORM for Python versions 0.9.9 through 0.22.0. Aggregate queries pass unsanitized input to SQL, enabling database compromise through the ORM abstraction. PoC and patch available.

Python Ormar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-27469 PyPI MEDIUM PATCH This Month

Stored cross-site scripting in Isso's comment server allows unauthenticated attackers to inject malicious JavaScript through improperly escaped website and comment fields, enabling session hijacking or credential theft when victims interact with affected comments. The vulnerability stems from insufficient HTML escaping that leaves quotes unescaped in href attributes and comment edit endpoints, permitting arbitrary event handler injection. No patch is currently available for Python deployments.

Python XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-27205 PyPI MEDIUM PATCH This Month

Flask versions 3.1.2 and earlier fail to set proper cache headers when the session object is accessed through certain methods like the Python `in` operator, allowing cached responses containing user-specific session data to be served to other users. An attacker can exploit this to access sensitive information from cached responses if the application runs behind a caching proxy that doesn't ignore Set-Cookie headers. This requires the vulnerable application to lack explicit Cache-Control headers and access session data in ways that bypass normal cache-control logic.

Python Flask Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-27026 PyPI MEDIUM PATCH This Month

Pypdf versions up to 6.7.1 is affected by allocation of resources without limits or throttling (CVSS 5.5).

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27025 PyPI MEDIUM PATCH This Month

Resource exhaustion in pypdf versions prior to 6.7.1 occurs when processing maliciously crafted PDF files with manipulated /ToUnicode font entries, causing excessive memory consumption and processing delays during text extraction operations. A local attacker with file access can exploit this to degrade system performance, though no code execution or data compromise is possible. The vulnerability affects Python environments using pypdf and is remedied by upgrading to version 6.7.1 or later.

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-27024 PyPI MEDIUM PATCH This Month

Pypdf versions up to 6.7.1 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26975 HIGH This Week

Remote code execution in Music Assistant Server 2.6.3 and below enables unauthenticated network-adjacent attackers to execute arbitrary code through path traversal in the playlist update API, which fails to enforce file extension restrictions and allows writing malicious Python files to site-packages. The vulnerability is particularly critical because affected containers typically run as root, amplifying the impact of successful exploitation. No patch is currently available, leaving installations at risk until an upgrade to version 2.7.0 or later is performed.

Python RCE Path Traversal Music Assistant Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26953 MEDIUM POC PATCH This Month

Stored HTML injection in Pi-hole Admin Interface versions 6.0+ allows authenticated attackers to inject arbitrary HTML into the active sessions table via the X-Forwarded-For header, which is unsafely rendered when administrators view the API settings page. Public exploit code exists for this vulnerability, affecting administrators who manage Pi-hole instances. An attacker with valid credentials can exploit this to perform client-side attacks against other administrators viewing the compromised session data.

Python Jquery Web Interface
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-26030 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Microsoft Semantic Kernel Python SDK before 1.39.4. Code injection in the AI orchestration framework. Patch available.

Microsoft Linux Python RCE AI / ML +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-69287 npm MEDIUM PATCH This Month

BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. versions up to 2.0.0 contains a security vulnerability (CVSS 5.4).

Python Authentication Bypass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-14009 PyPI HIGH POC PATCH GHSA This Week

Arbitrary code execution in the NLTK (Natural Language Toolkit) Python library affects all versions through its data downloader: the _unzip_iter function in nltk/downloader.py calls zipfile.extractall() with no path validation, so a malicious data package can drop attacker-controlled Python files (e.g. __init__.py) that execute automatically on import. Any application that downloads NLTK data from an attacker-influenced source is exposed to full remote code execution. Publicly available exploit code exists (huntr.com bounty), EPSS is modest at 0.57% (68th percentile), and there is no public exploit identified as actively exploited in CISA KEV.

Python RCE Nltk Code Injection
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-25087 PyPI HIGH PATCH GHSA This Week

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. [CVSS 7.0 HIGH]

Apache Python Ruby Use After Free Memory Corruption +4
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2026-26020 HIGH PATCH This Week

Remote code execution in AutoGPT prior to version 0.6.48 allows authenticated users to execute arbitrary Python code on the backend server by embedding a disabled BlockInstallationBlock within a workflow graph, bypassing validation controls that only checked the disabled flag at direct execution endpoints. An attacker with valid credentials can exploit this to gain full control over the backend system and automate malicious workflows. The vulnerability has been patched in version 0.6.48 and all users should upgrade immediately.

Python RCE AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26216 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Crawl4AI Docker API before 0.8.0 via hooks parameter. The /crawl endpoint accepts Python code in hooks that executes on the server. EPSS 0.28%.

Python Docker RCE Crawl4ai Code Injection +1
NVD GitHub VulDB
CVSS 4.0
10.0
EPSS
0.3%
CVE-2026-25990 PyPI HIGH PATCH GHSA This Week

Out-of-bounds write in Pillow versions 10.3.0 through 12.1.0 allows remote denial of service when processing maliciously crafted PSD image files. An attacker can trigger a crash by supplying a specially crafted image without authentication or user interaction. A patch is available in version 12.1.1.

Python Buffer Overflow Memory Corruption Pillow
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-69872 PyPI CRITICAL PATCH Act Now

Unsafe deserialization in DiskCache Python library through 5.6.3. Uses pickle by default, allowing attackers with cache directory write access to execute arbitrary code.

Python RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26007 PyPI HIGH PATCH This Week

Private-key information disclosure in the pyca/cryptography Python package (versions <= 46.0.4) arises because public-key loading and construction routines skip prime-order subgroup validation for SECT binary elliptic curves, letting an attacker submit a small-order point that leaks bits of a victim's private key during ECDH or enables signature forgery in ECDSA. Per the CVSS vector exploitation is unauthenticated and network-reachable (PR:N/AV:N) but high-complexity (AC:H), and only the rarely used SECT/binary curves are affected. There is no public exploit identified at time of analysis, EPSS risk is negligible (0.01%), and a fix is available in 46.0.5.

Python Cryptography Information Disclosure
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-25528 LIB MEDIUM PATCH This Month

LangSmith Client SDKs for Python and AI/ML platforms are susceptible to server-side request forgery through malicious HTTP baggage headers that allow attackers to redirect trace data exfiltration to attacker-controlled endpoints. An unauthenticated attacker can inject arbitrary api_url values during distributed tracing operations, causing the SDK to send sensitive trace data outside the intended infrastructure. No patch is currently available for this medium-severity vulnerability.

Python SSRF AI / ML
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-25905 PyPI MEDIUM This Month

Python code execution through Pyodide in the mcp-run-python library lacks isolation from the JavaScript environment, enabling attackers to manipulate the JS runtime and hijack MCP server functionality. This allows adversaries to perform malicious operations including tool shadowing and potential server compromise through crafted Python payloads. No patch is available as the project is archived.

Python AI / ML
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-25904 PyPI MEDIUM This Month

Pydantic-AI's MCP Run Python tool uses an insufficiently restrictive Deno sandbox configuration that permits Python code to access the host's localhost interface, enabling Server-Side Request Forgery (SSRF) attacks. An attacker can exploit this to probe or interact with services running on the local machine that should be isolated from external access. The archived project status means no patch is expected to be released.

Python SSRF AI / ML
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-25732 PyPI HIGH POC PATCH GHSA This Week

Path traversal in NiceGUI before 3.7.0 allows remote attackers to write arbitrary files outside intended directories by exploiting unsanitized filename metadata in the FileUpload.name property, potentially leading to remote code execution when developers incorporate this value directly into file paths. Public exploit code exists for this vulnerability, affecting applications using common patterns like concatenating user-supplied filenames with upload directories. Developers are only protected if they use fixed paths, generate filenames server-side, or explicitly sanitize user input.

Python RCE Path Traversal Nicegui
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25516 PyPI MEDIUM POC PATCH This Month

Cross-site scripting in NiceGUI's ui.markdown() component allows unauthenticated attackers to inject malicious HTML and JavaScript into applications that render user-controlled markdown content, as the component lacks built-in sanitization unlike other NiceGUI HTML rendering functions. Public exploit code exists for this vulnerability affecting NiceGUI versions before 3.7.0. Applications using ui.markdown() with untrusted input are vulnerable to session hijacking, credential theft, and other client-side attacks.

Python XSS Nicegui
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25632 PyPI CRITICAL PATCH Act Now

EPyT-Flow hydraulic simulation package has a CVSS 10.0 insecure deserialization enabling code execution when loading simulation scenario files.

Python Command Injection Deserialization Epyt Flow
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-25592 LIB CRITICAL POC PATCH Act Now

Microsoft Semantic Kernel SDK has a CVSS 9.9 path traversal vulnerability enabling AI agents to access arbitrary files outside their intended scope.

Microsoft Linux Python .NET AI / ML
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-25580 PyPI HIGH POC PATCH This Week

Pydantic AI versions 0.0.26 through 1.55.x contain a server-side request forgery vulnerability in URL download functionality that allows remote attackers to make arbitrary HTTP requests to internal network resources when applications process untrusted message history. Public exploit code exists for this vulnerability, which could enable attackers to access internal services or cloud credentials. Applications must upgrade to version 1.56.0 or later to remediate the issue.

Python SSRF Pydantic Ai
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-25640 PyPI MEDIUM PATCH This Month

Pydantic AI versions 1.34.0 through 1.50.x contain a path traversal vulnerability in the web UI that allows unauthenticated attackers to inject arbitrary JavaScript by manipulating the CDN version parameter in a malicious URL. When a victim visits the crafted link, attacker-controlled code executes in their browser, enabling theft of chat history and other sensitive client-side data. No patch is currently available.

Python Path Traversal Pydantic Ai
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-25115 npm CRITICAL PATCH Act Now

n8n has a protection mechanism bypass (CVSS 9.9) in the Python sandbox allowing authenticated users to escape code execution restrictions.

Python N8n
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-24052 npm HIGH PATCH This Week

Claude Code versions prior to 1.0.111 fail to properly validate trusted domains for WebFetch requests, allowing attackers to register lookalike domains (e.g., modelcontextprotocol.io.example.com) that bypass validation checks. This enables unauthorized automated requests to attacker-controlled servers without user interaction, potentially resulting in sensitive data exfiltration from the user's environment. The vulnerability affects Claude Code's agentic coding functionality and requires upgrading to version 1.0.111 or later to remediate.

Python AI / ML Claude Code
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-70560 PyPI HIGH This Week

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. [CVSS 8.4 HIGH]

Python Deserialization Boltz RCE
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-70559 PyPI MEDIUM PATCH This Month

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. [CVSS 6.5 MEDIUM]

Python Privilege Escalation Deserialization RCE Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-1312 PyPI MEDIUM PATCH This Month

SQL injection in Django's QuerySet.order_by() method allows authenticated attackers to execute arbitrary SQL commands through specially crafted column aliases containing periods when used with FilteredRelation and dictionary expansion. This vulnerability affects Django versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28, with potentially older unsupported versions also impacted. Patches are available for all affected versions.

Django SQLi Python
NVD HeroDevs VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1287 PyPI MEDIUM PATCH GHSA This Month

SQL injection via FilteredRelation column aliases in Django 4.2, 5.2, and 6.0 allows authenticated attackers to execute arbitrary SQL queries through crafted dictionary arguments in QuerySet methods like annotate() and aggregate(). An attacker with database access can exploit control characters in alias names to bypass input validation and potentially extract sensitive data or modify database contents. Patches are available for all affected versions, and unsupported Django releases may also be vulnerable.

Django SQLi Python
NVD HeroDevs VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1207 PyPI MEDIUM POC PATCH GHSA This Month

SQL injection in Django's PostGIS RasterField lookups allows authenticated attackers to execute arbitrary SQL commands through the band index parameter in affected versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Unsupported Django series including 5.0.x, 4.1.x, and 3.2.x may also be vulnerable. A patch is available and authentication is required to exploit this vulnerability.

Django SQLi Python
NVD HeroDevs VulDB
CVSS 3.1
5.4
EPSS
5.5%
CVE-2026-1778 PyPI MEDIUM PATCH This Month

Amazon SageMaker Python SDK versions prior to v2.256.0 or v3.1.1 disable TLS certificate verification when importing Triton Python models, enabling attackers to perform man-in-the-middle attacks by presenting invalid or self-signed certificates. This vulnerability affects organizations using the affected SDK versions for model imports over HTTPS connections. No patch is currently available for this vulnerability.

Python TLS AI / ML
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-1777 PyPI HIGH PATCH This Week

Amazon SageMaker Python SDK versions before 3.2.0 and 2.256.0 expose the ModelBuilder HMAC signing key in cleartext API responses, allowing authenticated users with S3 bucket write access to inject malicious artifacts into training jobs that execute with elevated privileges. An attacker with dual permissions to call the DescribeTrainingJob API and modify the training output S3 location can achieve arbitrary code execution when the compromised job runs. No patch is currently available for this vulnerability.

Python AI / ML
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-10279 PyPI HIGH PATCH This Week

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). [CVSS 7.0 HIGH]

Python RCE
NVD GitHub
CVSS 3.0
7.0
EPSS
0.0%
CVE-2024-2356 CRITICAL Act Now

Local File Inclusion in parisneo/lollms-webui /reinstall_extension endpoint allows authenticated users to include arbitrary local files. EPSS 0.26%.

Python RCE
NVD GitHub
CVSS 3.0
9.6
EPSS
0.3%
CVE-2026-25153 npm HIGH PATCH This Week

Arbitrary Python code execution in Backstage's @backstage/plugin-techdocs-node (versions < 1.13.11 and = 1.14.0) lets a contributor who can add or edit a repository's mkdocs.yml inject a malicious MkDocs `hooks` directive that runs on the TechDocs build server whenever TechDocs is configured with `runIn: local`. The flaw also affects documentation built in CI/CD via @techdocs/cli, which bundles the same package. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the CVSS of 8.8 reflects full host compromise of the build environment.

Python Node.js Docker Backstage Code Injection +1
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24780 PyPI HIGH POC This Week

Remote code execution in AutoGPT Platform prior to v0.6.44 allows authenticated users to execute disabled blocks and write arbitrary Python code to the server filesystem. The vulnerability stems from insufficient validation of the disabled flag in block execution endpoints, enabling attackers to achieve code execution via the BlockInstallationBlock component. Public exploit code exists, and self-hosted instances with Supabase signup enabled are particularly vulnerable to account creation and exploitation.

Python RCE AI / ML Autogpt Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-24779 PyPI HIGH POC PATCH This Week

vLLM before version 0.14.1 contains a server-side request forgery vulnerability in the MediaConnector class where inconsistent URL parsing between libraries allows attackers to bypass host restrictions and force the server to make arbitrary requests to internal network resources. Public exploit code exists for this vulnerability, which poses significant risk in containerized environments where a compromised vLLM instance could be leveraged to access restricted internal systems. The vulnerability affects users running vLLM's multimodal features with untrusted input.

Python SSRF Denial Of Service Vllm Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-24747 PyPI HIGH POC PATCH This Week

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

Python Pytorch Checkpoint Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24688 PyPI MEDIUM PATCH This Month

Pypdf versions up to 6.6.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 4.3).

Python Pypdf Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-24489 PyPI MEDIUM PATCH This Month

HTTP header injection in the Gakido Python HTTP client prior to version 0.1.1 allows unauthenticated attackers to inject arbitrary headers into requests by embedding CRLF or null byte sequences in user-supplied header values and names. An attacker could leverage this to manipulate HTTP requests and potentially bypass security controls or perform request smuggling attacks. The vulnerability has been patched in version 0.1.1 with header sanitization functions, though no patch is currently available for affected systems.

Python
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24486 PyPI HIGH POC PATCH This Week

Arbitrary file write in python-multipart prior to 0.0.22 lets remote attackers place uploaded files outside the intended upload directory by supplying a filename that begins with an absolute path (e.g. '/etc/...'). The flaw only manifests in deployments that enable the non-default options UPLOAD_DIR plus UPLOAD_KEEP_FILENAME=True, where os.path.join silently discards the configured directory. Publicly available exploit code exists (Exploit-DB 52543, GHSA-wp53-j4wj-2cfg), though EPSS is very low (0.03%, 7th percentile) and it is not in CISA KEV.

Python Path Traversal Python Multipart
NVD GitHub Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24408 PyPI NONE PATCH Awaiting Data

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery.

Python CSRF
NVD GitHub
EPSS
0.0%
CVE-2026-24123 PyPI HIGH PATCH This Week

BentoML versions prior to 1.4.34 allow path traversal attacks through improperly validated file path fields in bentofile.yaml configurations, enabling attackers to embed arbitrary files from the victim's system into bento archives during the build process. This vulnerability can be exploited to exfiltrate sensitive data such as credentials, SSH keys, and environment variables into supply chain artifacts that may be pushed to registries or deployed in production environments. A patch is available in version 1.4.34.

Python Docker Path Traversal AI / ML Bentoml
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-0994 PyPI HIGH PATCH This Week

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Google Python Authentication Bypass Protobuf
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-0771 HIGH This Week

Langflow's PythonFunction component allows authenticated attackers with user interaction to inject and execute arbitrary Python code within application workflows, achieving remote code execution. The vulnerability affects Langflow deployments using Python-based AI/ML components, with exploitation feasibility depending on specific product configurations. No patch is currently available.

Python RCE Code Injection AI / ML Langflow
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2026-0769 CRITICAL Act Now

Langflow has an eval injection in eval_custom_component_code (EPSS 2.0%) enabling remote code execution through crafted custom component definitions.

Python RCE AI / ML Langflow
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2026-0768 CRITICAL Act Now

Langflow has a code injection vulnerability in the code component (EPSS 2.6%) enabling remote code execution through the visual AI workflow builder.

Python RCE Code Injection AI / ML Langflow
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2026-0766 HIGH This Week

Remote code execution in Open WebUI through the load_tool_module_by_id function allows authenticated attackers to execute arbitrary Python code due to insufficient input validation on user-supplied strings. An attacker with valid credentials can leverage this vulnerability to achieve code execution with service account privileges. No patch is currently available, making this a critical risk for deployed Open WebUI instances.

Python RCE Command Injection AI / ML Open Webui
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2026-0761 CRITICAL Act Now

MetaGPT has a code injection vulnerability in actionoutput_str_to_mapping (EPSS 2.6%) allowing remote attackers to execute arbitrary code through crafted AI agent output processing.

Python RCE Code Injection AI / ML Metagpt
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2026-24130 PyPI MEDIUM PATCH This Month

Moonraker versions 0.9.3 and below with LDAP authentication enabled are susceptible to LDAP injection attacks through the login endpoint, enabling attackers to enumerate valid user IDs and attributes via response analysis. An unauthenticated remote attacker can exploit this vulnerability to discover LDAP directory information without requiring valid credentials. A patch is available in version 0.10.0 and later.

Python LDAP Moonraker
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15523 This Week

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle.

macOS Python
NVD
EPSS
0.0%
CVE-2026-24049 PyPI MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel RCE Path Traversal
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24002 CRITICAL PATCH Act Now

Grist spreadsheet software has an injection vulnerability in Python formula execution that allows authenticated users to escape the formula sandbox and execute arbitrary code.

Python AI / ML Grist Core
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Medium severity vulnerability in Home Assistant MCP. #

Python XSS Home Assistant Mcp Server
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. Tornado 6.5.5 introduces new limits on the size and complexity of multipart bodies, including a default limit of 100 parts per request. These limits are configurable if needed; see `tornado.httputil.ParseMultipartConfig`. It is also now possible to disable `multipart/form-data` parsing entirely if it is not required for the application.

Python Denial Of Service Red Hat +1
NVD GitHub VulDB
EPSS 0%
PATCH Monitor

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code.

Python Github
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

pypdf is a free and open-source pure-python PDF library. versions up to 6.8.0 is affected by allocation of resources without limits or throttling.

Python Denial Of Service Pypdf +2
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unicorn adds modern reactive component functionality to your Django templates. versions up to 0.67.0 is affected by improper access control (CVSS 5.3).

Python Authentication Bypass Unicorn
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

The /api/health/detailed endpoint in mcp-memory-service prior to version 10.21.0 discloses sensitive system information including OS details, Python version, CPU configuration, memory metrics, and database paths to unauthenticated network users when anonymous access is enabled. Public exploit code exists for this information disclosure vulnerability, which affects deployments using the default 0.0.0.0 network binding. A patch is available in version 10.21.0 to restrict endpoint access and redact sensitive data.

Python AI / ML Mcp Memory Service
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Unsanitized attachment filenames in eml_parser prior to version 2.0.1 enable path traversal attacks, allowing attackers to write files outside the intended output directory when the example extraction script processes malicious emails. Organizations using the vulnerable example code or similar attachment handling logic are at risk of unauthorized file writes that could overwrite critical files or introduce malicious content. Public exploit code exists for this vulnerability, and a patch is available in version 2.0.1 and later.

Python Path Traversal Eml Parser
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Path traversal in pyLoad versions 0.5.0b3.dev13 through 0.5.0b3.dev96 allows authenticated attackers to manipulate package folder locations through insufficient sanitization of the pack_folder parameter, bypassing directory traversal protections with recursive sequences. An attacker can exploit this to write files outside intended directories, causing data integrity issues and potential denial of service. Public exploit code exists for this vulnerability and no patch is currently available.

Python Pyload Ng
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Arbitrary code execution in Backstage's @backstage/plugin-techdocs-node (versions <= 1.14.2) allows attackers who can influence an mkdocs.yml file to run arbitrary Python during the documentation build, bypassing TechDocs' allowlist-based configuration filtering. The flaw stems from MkDocs configuration keys (notably the hooks feature) that the security allowlist failed to block, meaning any contributor able to merge or supply a crafted mkdocs.yml gains code execution on the build host. No public exploit identified at time of analysis, and EPSS is low (0.07%), but the CVSS 9.8 rating and trivial exploitation primitive make this a high-priority patch for self-hosted developer portals.

Python Backstage Plugin Techdocs Node RCE
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Unsafe checkout of untrusted code in Mesa's benchmarks.yml GitHub Actions workflow prior to version 3.5.1 enables arbitrary code execution with elevated privileges on CI/CD runners. An attacker can exploit this by submitting malicious pull requests to execute commands in the privileged runner environment, potentially compromising the build pipeline and downstream users. A patch is available in commit c35b8cd.

Python AI / ML Mesa
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

pypdf versions prior to 6.7.5 are vulnerable to denial-of-service attacks where specially crafted PDF files with ASCIIHexDecode filtered streams can cause excessive processing time and application hang. An unauthenticated attacker can exploit this by providing a malicious PDF that consumes significant computational resources when processed. A patch is available in version 6.7.5 and later.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH POC PATCH This Week

Authentication bypass in Authlib (Python OAuth/OpenID Connect library) versions 1.6.5 through 1.6.6 allows remote attackers to forge JWTs by supplying a token with 'alg: none' and an empty signature, which the library accepts as valid during signature verification. Because the integrity check is silently bypassed, an attacker can craft tokens with arbitrary claims and impersonate any identity. Publicly available exploit code exists (regression-test based, via the GitHub Security Advisory), but EPSS is only 0.02% (6th percentile) and the issue is not in CISA KEV - no public exploit identified as actively used at time of analysis.

Python Authlib Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

LangGraph SQLite Checkpoint versions 1.0.9 and prior are vulnerable to unsafe deserialization of msgpack-encoded objects, allowing attackers with write access to the checkpoint database to execute arbitrary code when checkpoints are loaded. This vulnerability affects Python-based AI/ML applications using LangGraph's persistence layer and requires adversary control of the backing storage to exploit. No public patch is currently available for this issue.

Python Deserialization
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. [CVSS 7.5 HIGH]

Python Denial Of Service Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Joserfc versions 1.6.2 and earlier fail to validate the PBES2 iteration count parameter in JWE tokens, allowing unauthenticated attackers to trigger CPU exhaustion by specifying arbitrarily large values in the p2c header field. An attacker can exploit this resource exhaustion vulnerability to cause denial of service against any system using the library to decrypt JWE tokens. Public exploit code exists for this vulnerability, and a patch is available.

Python Denial Of Service Joserfc +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Arbitrary file write in BentoML prior to version 1.4.36 allows local attackers to write files to arbitrary locations on the host system by crafting malicious tar archives containing symlinks that point outside the extraction directory. The vulnerability exists because the safe_extract_tarfile() function fails to validate symlink targets, only validating the symlink path itself, enabling attackers to bypass directory traversal protections. Public exploit code exists for this vulnerability; users should upgrade to version 1.4.36 or later.

Python AI / ML Bentoml
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Django URL field validation triggers excessive Unicode normalization on Windows when processing certain malicious Unicode characters, enabling remote attackers to cause denial of service through crafted URL inputs. Affected versions include Django 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29, with potential impact to unsupported series 5.0.x, 4.1.x, and 3.2.x. A patch is available for all affected supported versions.

Python Django Denial Of Service +1
NVD VulDB HeroDevs
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Server-Side Request Forgery in Gradio prior to version 6.6.0 allows attackers to execute arbitrary HTTP requests through a victim's infrastructure by crafting a malicious Space with a poisoned proxy_url configuration. Applications that load untrusted Gradio Spaces via gr.load() are vulnerable to attacks targeting internal services, cloud metadata endpoints, and private networks. No patch is currently available for affected Python/ML applications.

Python SSRF AI / ML +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Open redirect in Gradio's OAuth implementation allows unauthenticated attackers to redirect users to arbitrary external URLs through the unvalidated _target_url parameter on /logout and /login/callback endpoints in applications with OAuth enabled. This affects Gradio versions prior to 6.6.0 running on Hugging Face Spaces with gr.LoginButton, enabling phishing attacks or credential theft. The vulnerability has been patched in version 6.6.0 by sanitizing the parameter to only accept relative URLs.

Python AI / ML Gradio +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Gradio versions up to 6.7 contains a vulnerability that allows attackers to read arbitrary files from the file system (CVSS 7.5).

Windows Python Path Traversal +2
NVD GitHub
EPSS 0%
NONE POC PATCH Awaiting Data

Gradio is an open-source Python package designed for quick prototyping. Starting in version 4.16.0 and prior to version 6.6.0, Gradio applications running outside of Hugging Face Spaces automatically enable "mocked" OAuth routes when OAuth components (e.g.

Python Hugging Face AI / ML
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Crafted PDF files can trigger excessive memory consumption in pypdf versions before 6.7.4 when processing content streams with the RunLengthDecode filter, enabling denial-of-service attacks against applications using the library. An unauthenticated attacker can exploit this remotely by submitting a malicious PDF, causing the affected application to exhaust system memory. A patch is available in pypdf 6.7.4 and later.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Integer overflow in pillow_heif Python library before 1.3.0 leads to out-of-bounds read when processing HEIF images, potentially causing information disclosure or crashes. PoC and patch available.

Python Integer Overflow Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in NVDA Dev & Test Toolbox versions 2.0-8.0 through unsafe evaluation of Python expressions embedded in log files. An attacker can trick users into opening a malicious log file and reading it with the add-on's log reader commands, causing arbitrary code execution under the user's privileges without requiring elevated permissions or user interaction beyond opening the file.

Python
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

Remote control vulnerability in Unitree Go2 robot dog firmware 1.1.7-1.1.11. The companion Android app allows remote attackers to take control of the robot. PoC available.

Android Python RCE +2
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

Unitree Go2 robots running firmware versions V1.1.7-V1.1.9 and V1.1.11 (EDU) lack authentication controls on the DDS actuator API, allowing network-adjacent attackers to inject and execute arbitrary Python code as root by publishing a crafted message. Public exploit code exists for this vulnerability, which enables persistent code execution through controller keybindings that survive reboots. No patch is currently available.

Python Authentication Bypass
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary code execution through crafted CSV files. EPSS 0.41% with PoC and patch available.

Python RCE Command Injection +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Arbitrary code execution in Agenta-API prior to version 0.48.1 allows authenticated users to escape the RestrictedPython sandbox through unsafe whitelisting of the numpy package, enabling execution of arbitrary system commands on the API server. The vulnerability leverages numpy.ma.core.inspect to access Python introspection utilities and bypass sandbox restrictions. Public exploit code exists for this vulnerability, and no patch is currently available.

Python AI / ML Agenta
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in pypdf prior to version 6.7.3 allows remote attackers to exhaust system memory by crafting malicious PDF files that exploit FlateDecode-compressed streams accessed through the xfa property. The vulnerability requires no authentication or user interaction and affects any application processing untrusted PDF documents with the vulnerable library. Upgrade to pypdf 6.7.3 or later to remediate.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Integer overflow in psd-tools Python library before 1.12.2 when processing malformed RLE-compressed PSD files leads to heap overflow. PoC and patch available.

Adobe Python Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Python sandbox escape in n8n workflow automation before 2.10.1/2.9.3/1.123.22. Users who can modify workflows can escape the Python Code node sandbox for full host compromise on instances using internal Task Runners.

Python AI / ML N8n
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Pypdf versions up to 6.7.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 7.5).

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

NiceGUI versions prior to 3.8.0 are vulnerable to stored cross-site scripting (XSS) through multiple APIs that improperly handle user-controlled method names, allowing attackers to inject arbitrary JavaScript that executes in victims' browsers. The vulnerability stems from unsafe use of eval() and string interpolation in Element.run_method(), AgGrid.run_grid_method(), EChart.run_chart_method(), and related functions. A patch is available in version 3.8.0 and later.

Python Nicegui
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

yt-dlp is a command-line audio/video downloader. [CVSS 8.8 HIGH]

Python Command Injection Yt Dlp +2
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

SQL injection in Ormar async ORM for Python versions 0.9.9 through 0.22.0. Aggregate queries pass unsanitized input to SQL, enabling database compromise through the ORM abstraction. PoC and patch available.

Python Ormar
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Stored cross-site scripting in Isso's comment server allows unauthenticated attackers to inject malicious JavaScript through improperly escaped website and comment fields, enabling session hijacking or credential theft when victims interact with affected comments. The vulnerability stems from insufficient HTML escaping that leaves quotes unescaped in href attributes and comment edit endpoints, permitting arbitrary event handler injection. No patch is currently available for Python deployments.

Python XSS
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Flask versions 3.1.2 and earlier fail to set proper cache headers when the session object is accessed through certain methods like the Python `in` operator, allowing cached responses containing user-specific session data to be served to other users. An attacker can exploit this to access sensitive information from cached responses if the application runs behind a caching proxy that doesn't ignore Set-Cookie headers. This requires the vulnerable application to lack explicit Cache-Control headers and access session data in ways that bypass normal cache-control logic.

Python Flask Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Pypdf versions up to 6.7.1 is affected by allocation of resources without limits or throttling (CVSS 5.5).

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Resource exhaustion in pypdf versions prior to 6.7.1 occurs when processing maliciously crafted PDF files with manipulated /ToUnicode font entries, causing excessive memory consumption and processing delays during text extraction operations. A local attacker with file access can exploit this to degrade system performance, though no code execution or data compromise is possible. The vulnerability affects Python environments using pypdf and is remedied by upgrading to version 6.7.1 or later.

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Pypdf versions up to 6.7.1 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Music Assistant Server 2.6.3 and below enables unauthenticated network-adjacent attackers to execute arbitrary code through path traversal in the playlist update API, which fails to enforce file extension restrictions and allows writing malicious Python files to site-packages. The vulnerability is particularly critical because affected containers typically run as root, amplifying the impact of successful exploitation. No patch is currently available, leaving installations at risk until an upgrade to version 2.7.0 or later is performed.

Python RCE Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Stored HTML injection in Pi-hole Admin Interface versions 6.0+ allows authenticated attackers to inject arbitrary HTML into the active sessions table via the X-Forwarded-For header, which is unsafely rendered when administrators view the API settings page. Public exploit code exists for this vulnerability, affecting administrators who manage Pi-hole instances. An attacker with valid credentials can exploit this to perform client-side attacks against other administrators viewing the compromised session data.

Python Jquery Web Interface
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in Microsoft Semantic Kernel Python SDK before 1.39.4. Code injection in the AI orchestration framework. Patch available.

Microsoft Linux Python +3
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

BSV Blockchain SDK is a unified TypeScript SDK for developing scalable apps on the BSV Blockchain. versions up to 2.0.0 contains a security vulnerability (CVSS 5.4).

Python Authentication Bypass
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Arbitrary code execution in the NLTK (Natural Language Toolkit) Python library affects all versions through its data downloader: the _unzip_iter function in nltk/downloader.py calls zipfile.extractall() with no path validation, so a malicious data package can drop attacker-controlled Python files (e.g. __init__.py) that execute automatically on import. Any application that downloads NLTK data from an attacker-influenced source is exposed to full remote code execution. Publicly available exploit code exists (huntr.com bounty), EPSS is modest at 0.57% (68th percentile), and there is no public exploit identified as actively exploited in CISA KEV.

Python RCE Nltk +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. [CVSS 7.0 HIGH]

Apache Python Ruby +6
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in AutoGPT prior to version 0.6.48 allows authenticated users to execute arbitrary Python code on the backend server by embedding a disabled BlockInstallationBlock within a workflow graph, bypassing validation controls that only checked the disabled flag at direct execution endpoints. An attacker with valid credentials can exploit this to gain full control over the backend system and automate malicious workflows. The vulnerability has been patched in version 0.6.48 and all users should upgrade immediately.

Python RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in Crawl4AI Docker API before 0.8.0 via hooks parameter. The /crawl endpoint accepts Python code in hooks that executes on the server. EPSS 0.28%.

Python Docker RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Out-of-bounds write in Pillow versions 10.3.0 through 12.1.0 allows remote denial of service when processing maliciously crafted PSD image files. An attacker can trigger a crash by supplying a specially crafted image without authentication or user interaction. A patch is available in version 12.1.1.

Python Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Unsafe deserialization in DiskCache Python library through 5.6.3. Uses pickle by default, allowing attackers with cache directory write access to execute arbitrary code.

Python RCE Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Private-key information disclosure in the pyca/cryptography Python package (versions <= 46.0.4) arises because public-key loading and construction routines skip prime-order subgroup validation for SECT binary elliptic curves, letting an attacker submit a small-order point that leaks bits of a victim's private key during ECDH or enables signature forgery in ECDSA. Per the CVSS vector exploitation is unauthenticated and network-reachable (PR:N/AV:N) but high-complexity (AC:H), and only the rarely used SECT/binary curves are affected. There is no public exploit identified at time of analysis, EPSS risk is negligible (0.01%), and a fix is available in 46.0.5.

Python Cryptography Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

LangSmith Client SDKs for Python and AI/ML platforms are susceptible to server-side request forgery through malicious HTTP baggage headers that allow attackers to redirect trace data exfiltration to attacker-controlled endpoints. An unauthenticated attacker can inject arbitrary api_url values during distributed tracing operations, causing the SDK to send sensitive trace data outside the intended infrastructure. No patch is currently available for this medium-severity vulnerability.

Python SSRF AI / ML
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM This Month

Python code execution through Pyodide in the mcp-run-python library lacks isolation from the JavaScript environment, enabling attackers to manipulate the JS runtime and hijack MCP server functionality. This allows adversaries to perform malicious operations including tool shadowing and potential server compromise through crafted Python payloads. No patch is available as the project is archived.

Python AI / ML
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Pydantic-AI's MCP Run Python tool uses an insufficiently restrictive Deno sandbox configuration that permits Python code to access the host's localhost interface, enabling Server-Side Request Forgery (SSRF) attacks. An attacker can exploit this to probe or interact with services running on the local machine that should be isolated from external access. The archived project status means no patch is expected to be released.

Python SSRF AI / ML
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Path traversal in NiceGUI before 3.7.0 allows remote attackers to write arbitrary files outside intended directories by exploiting unsanitized filename metadata in the FileUpload.name property, potentially leading to remote code execution when developers incorporate this value directly into file paths. Public exploit code exists for this vulnerability, affecting applications using common patterns like concatenating user-supplied filenames with upload directories. Developers are only protected if they use fixed paths, generate filenames server-side, or explicitly sanitize user input.

Python RCE Path Traversal +1
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site scripting in NiceGUI's ui.markdown() component allows unauthenticated attackers to inject malicious HTML and JavaScript into applications that render user-controlled markdown content, as the component lacks built-in sanitization unlike other NiceGUI HTML rendering functions. Public exploit code exists for this vulnerability affecting NiceGUI versions before 3.7.0. Applications using ui.markdown() with untrusted input are vulnerable to session hijacking, credential theft, and other client-side attacks.

Python XSS Nicegui
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

EPyT-Flow hydraulic simulation package has a CVSS 10.0 insecure deserialization enabling code execution when loading simulation scenario files.

Python Command Injection Deserialization +1
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

Microsoft Semantic Kernel SDK has a CVSS 9.9 path traversal vulnerability enabling AI agents to access arbitrary files outside their intended scope.

Microsoft Linux Python +2
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Pydantic AI versions 0.0.26 through 1.55.x contain a server-side request forgery vulnerability in URL download functionality that allows remote attackers to make arbitrary HTTP requests to internal network resources when applications process untrusted message history. Public exploit code exists for this vulnerability, which could enable attackers to access internal services or cloud credentials. Applications must upgrade to version 1.56.0 or later to remediate the issue.

Python SSRF Pydantic Ai
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Pydantic AI versions 1.34.0 through 1.50.x contain a path traversal vulnerability in the web UI that allows unauthenticated attackers to inject arbitrary JavaScript by manipulating the CDN version parameter in a malicious URL. When a victim visits the crafted link, attacker-controlled code executes in their browser, enabling theft of chat history and other sensitive client-side data. No patch is currently available.

Python Path Traversal Pydantic Ai
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

n8n has a protection mechanism bypass (CVSS 9.9) in the Python sandbox allowing authenticated users to escape code execution restrictions.

Python N8n
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Claude Code versions prior to 1.0.111 fail to properly validate trusted domains for WebFetch requests, allowing attackers to register lookalike domains (e.g., modelcontextprotocol.io.example.com) that bypass validation checks. This enables unauthorized automated requests to attacker-controlled servers without user interaction, potentially resulting in sensitive data exfiltration from the user's environment. The vulnerability affects Claude Code's agentic coding functionality and requires upgrading to version 1.0.111 or later to remediate.

Python AI / ML Claude Code
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. [CVSS 8.4 HIGH]

Python Deserialization Boltz +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. [CVSS 6.5 MEDIUM]

Python Privilege Escalation Deserialization +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

SQL injection in Django's QuerySet.order_by() method allows authenticated attackers to execute arbitrary SQL commands through specially crafted column aliases containing periods when used with FilteredRelation and dictionary expansion. This vulnerability affects Django versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28, with potentially older unsupported versions also impacted. Patches are available for all affected versions.

Django SQLi Python
NVD HeroDevs VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

SQL injection via FilteredRelation column aliases in Django 4.2, 5.2, and 6.0 allows authenticated attackers to execute arbitrary SQL queries through crafted dictionary arguments in QuerySet methods like annotate() and aggregate(). An attacker with database access can exploit control characters in alias names to bypass input validation and potentially extract sensitive data or modify database contents. Patches are available for all affected versions, and unsupported Django releases may also be vulnerable.

Django SQLi Python
NVD HeroDevs VulDB
EPSS 5% CVSS 5.4
MEDIUM POC PATCH This Month

SQL injection in Django's PostGIS RasterField lookups allows authenticated attackers to execute arbitrary SQL commands through the band index parameter in affected versions 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Unsupported Django series including 5.0.x, 4.1.x, and 3.2.x may also be vulnerable. A patch is available and authentication is required to exploit this vulnerability.

Django SQLi Python
NVD HeroDevs VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Amazon SageMaker Python SDK versions prior to v2.256.0 or v3.1.1 disable TLS certificate verification when importing Triton Python models, enabling attackers to perform man-in-the-middle attacks by presenting invalid or self-signed certificates. This vulnerability affects organizations using the affected SDK versions for model imports over HTTPS connections. No patch is currently available for this vulnerability.

Python TLS AI / ML
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Amazon SageMaker Python SDK versions before 3.2.0 and 2.256.0 expose the ModelBuilder HMAC signing key in cleartext API responses, allowing authenticated users with S3 bucket write access to inject malicious artifacts into training jobs that execute with elevated privileges. An attacker with dual permissions to call the DescribeTrainingJob API and modify the training output S3 location can achieve arbitrary code execution when the compromised job runs. No patch is currently available for this vulnerability.

Python AI / ML
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). [CVSS 7.0 HIGH]

Python RCE
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL Act Now

Local File Inclusion in parisneo/lollms-webui /reinstall_extension endpoint allows authenticated users to include arbitrary local files. EPSS 0.26%.

Python RCE
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary Python code execution in Backstage's @backstage/plugin-techdocs-node (versions < 1.13.11 and = 1.14.0) lets a contributor who can add or edit a repository's mkdocs.yml inject a malicious MkDocs `hooks` directive that runs on the TechDocs build server whenever TechDocs is configured with `runIn: local`. The flaw also affects documentation built in CI/CD via @techdocs/cli, which bundles the same package. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the CVSS of 8.8 reflects full host compromise of the build environment.

Python Node.js Docker +3
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in AutoGPT Platform prior to v0.6.44 allows authenticated users to execute disabled blocks and write arbitrary Python code to the server filesystem. The vulnerability stems from insufficient validation of the disabled flag in block execution endpoints, enabling attackers to achieve code execution via the BlockInstallationBlock component. Public exploit code exists, and self-hosted instances with Supabase signup enabled are particularly vulnerable to account creation and exploitation.

Python RCE AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

vLLM before version 0.14.1 contains a server-side request forgery vulnerability in the MediaConnector class where inconsistent URL parsing between libraries allows attackers to bypass host restrictions and force the server to make arbitrary requests to internal network resources. Public exploit code exists for this vulnerability, which poses significant risk in containerized environments where a compromised vLLM instance could be leveraged to access restricted internal systems. The vulnerability affects users running vLLM's multimodal features with untrusted input.

Python SSRF Denial Of Service +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

Python Pytorch Checkpoint +2
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Pypdf versions up to 6.6.2 is affected by loop with unreachable exit condition (infinite loop) (CVSS 4.3).

Python Pypdf Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

HTTP header injection in the Gakido Python HTTP client prior to version 0.1.1 allows unauthenticated attackers to inject arbitrary headers into requests by embedding CRLF or null byte sequences in user-supplied header values and names. An attacker could leverage this to manipulate HTTP requests and potentially bypass security controls or perform request smuggling attacks. The vulnerability has been patched in version 0.1.1 with header sanitization functions, though no patch is currently available for affected systems.

Python
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Arbitrary file write in python-multipart prior to 0.0.22 lets remote attackers place uploaded files outside the intended upload directory by supplying a filename that begins with an absolute path (e.g. '/etc/...'). The flaw only manifests in deployments that enable the non-default options UPLOAD_DIR plus UPLOAD_KEEP_FILENAME=True, where os.path.join silently discards the configured directory. Publicly available exploit code exists (Exploit-DB 52543, GHSA-wp53-j4wj-2cfg), though EPSS is very low (0.03%, 7th percentile) and it is not in CISA KEV.

Python Path Traversal Python Multipart
NVD GitHub Exploit-DB VulDB
EPSS 0%
NONE PATCH Awaiting Data

sigstore-python is a Python tool for generating and verifying Sigstore signatures. Prior to version 4.2.0, the sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery.

Python CSRF
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

BentoML versions prior to 1.4.34 allow path traversal attacks through improperly validated file path fields in bentofile.yaml configurations, enabling attackers to embed arbitrary files from the victim's system into bento archives during the build process. This vulnerability can be exploited to exfiltrate sensitive data such as credentials, SSH keys, and environment variables into supply chain artifacts that may be pushed to registries or deployed in production environments. A patch is available in version 1.4.34.

Python Docker Path Traversal +2
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Google Python Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Langflow's PythonFunction component allows authenticated attackers with user interaction to inject and execute arbitrary Python code within application workflows, achieving remote code execution. The vulnerability affects Langflow deployments using Python-based AI/ML components, with exploitation feasibility depending on specific product configurations. No patch is currently available.

Python RCE Code Injection +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Langflow has an eval injection in eval_custom_component_code (EPSS 2.0%) enabling remote code execution through crafted custom component definitions.

Python RCE AI / ML +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Langflow has a code injection vulnerability in the code component (EPSS 2.6%) enabling remote code execution through the visual AI workflow builder.

Python RCE Code Injection +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Remote code execution in Open WebUI through the load_tool_module_by_id function allows authenticated attackers to execute arbitrary Python code due to insufficient input validation on user-supplied strings. An attacker with valid credentials can leverage this vulnerability to achieve code execution with service account privileges. No patch is currently available, making this a critical risk for deployed Open WebUI instances.

Python RCE Command Injection +2
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

MetaGPT has a code injection vulnerability in actionoutput_str_to_mapping (EPSS 2.6%) allowing remote attackers to execute arbitrary code through crafted AI agent output processing.

Python RCE Code Injection +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Moonraker versions 0.9.3 and below with LDAP authentication enabled are susceptible to LDAP injection attacks through the login endpoint, enabling attackers to enumerate valid user IDs and attributes via response analysis. An unauthenticated remote attacker can exploit this vulnerability to discover LDAP directory information without requiring valid credentials. A patch is available in version 0.10.0 and later.

Python LDAP Moonraker
NVD GitHub
EPSS 0%
This Week

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle.

macOS Python
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Malicious wheel files can modify file permissions on critical system files during extraction in Python wheel versions 0.40.0-0.46.1, enabling attackers to alter SSH keys, configuration files, or executable scripts. This path traversal and permission manipulation flaw affects systems unpacking untrusted wheels and can lead to privilege escalation or arbitrary code execution. Public exploit code exists for this vulnerability, though a patch is available in version 0.46.2.

Python Privilege Escalation Wheel +2
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Grist spreadsheet software has an injection vulnerability in Python formula execution that allows authenticated users to escape the formula sandbox and execute arbitrary code.

Python AI / ML Grist Core
NVD GitHub
Prev Page 10 of 25 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy