Vulnerabilities

Recent vulnerabilities

Recent vulnerabilities from 🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.

PySec 🐍

Recent vulnerabilities · 2783 entries
ID Severity Description Package Published Updated
pysec-2026-99
10.0 (3.1)
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input va… nltk 2026-03-05T21:16:14.263Z 2026-05-20T09:19:09.284207Z
pysec-2026-96
10.0 (3.1)
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting … nltk 2026-02-18T18:24:19.410Z 2026-05-20T09:19:09.128608Z
pysec-2026-560
10.0 (3.1)
## Summary The `_substitute_utcp_args` method in `cli_communication_protocol.py` inserts… utcp-cli 2026-06-29T11:50:49.296555Z 2026-07-01T20:23:10.958711Z
pysec-2026-551
10.0 (3.1)
A command injection vulnerability in the execute_command function of terminal-controller-… terminal-controller 2026-06-29T11:50:51.891261Z 2026-07-01T20:23:10.079817Z
pysec-2026-543
10.0 (3.1)
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote C… smolagents 2026-06-29T11:50:38.792590Z 2026-07-01T20:23:05.184038Z
pysec-2026-512
10.0 (3.1)
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers … radicale 2026-06-29T11:50:32.382591Z 2026-07-01T20:23:03.510449Z
pysec-2026-484
10.0 (3.1)
### Summary `execute_code()` in `praisonai-agents` runs attacker-controlled Python insid… praisonaiagents 2026-06-29T11:50:48.390200Z 2026-07-01T20:23:01.886289Z
pysec-2026-456
10.0 (3.1)
## Summary `pkgutil.resolve_name()` is a Python stdlib function that resolves any `"modu… picklescan 2026-06-29T11:50:44.845189Z 2026-07-01T20:23:00.003107Z
pysec-2026-423
10.0 (3.1)
A command injection vulnerability exists in MLflow's model serving container initializati… mlflow 2026-06-29T11:50:45.390530Z 2026-07-01T20:22:58.350388Z
pysec-2026-420
10.0 (3.1)
MLflow allowed arbitrary files to be PUT onto the server. mlflow 2026-06-29T11:50:43.209628Z 2026-07-01T20:22:58.313071Z
pysec-2026-417
10.0 (3.1)
The mlflow web server includes tools for tracking experiments, packaging code into reprod… mlflow 2026-06-29T11:50:43.022632Z 2026-07-01T20:22:58.282280Z
pysec-2026-411
10.0 (3.1)
#### Summary A Path Traversal vulnerability allows any user (or attacker) supplying an un… mesop 2026-06-29T11:50:44.967175Z 2026-07-01T20:22:57.656652Z
pysec-2026-410
10.0 (3.1)
## Resolution Fixed in [v3.1.0](https://github.com/startreedata/mcp-pinot/releases/tag/v… mcp-pinot-server 2026-06-29T11:50:52.123329Z 2026-07-01T20:22:57.505231Z
pysec-2026-398
10.0 (3.1)
A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, ver… llama-index-packs-finchat 2026-06-29T11:50:35.108513Z 2026-07-01T20:22:56.502059Z
pysec-2026-364
10.0 (4.0)
### Summary The environment variables (`KERNEL_XXX`) used during the rendering of the Ku… jupyter-enterprise-gateway 2026-06-29T11:50:52.903440Z 2026-07-01T20:22:54.829379Z
pysec-2026-362
10.0 (4.0)
### Summary The environment variables used during the rendering of the Kubernetes manife… jupyter-enterprise-gateway 2026-06-29T11:50:52.747336Z 2026-07-01T20:22:54.803627Z
pysec-2026-338
10.0 (3.1)
10.0 (4.0)
## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP c… fastmcp 2026-06-29T11:50:45.183289Z 2026-07-01T20:22:52.844800Z
pysec-2026-330
10.0 (3.1)
### Impact EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a cu… epyt-flow 2026-06-29T11:50:50.959788Z 2026-07-01T20:22:52.406443Z
pysec-2026-33
10.0 (3.1)
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Doc… crawl4ai 2026-02-12T16:16:17.447Z 2026-05-20T09:18:55.751893Z
pysec-2026-327
10.0 (4.0)
### Summary [Python class pollution](https://blog.abdulrah33m.com/prototype-pollution-in-… deepdiff 2026-06-29T11:50:37.443319Z 2026-07-01T20:22:51.022251Z
pysec-2026-310
10.0 (3.1)
### Summary A Server Side Template Injection in changedetection.io caused by usage of uns… changedetection-io 2026-06-29T11:50:40.769702Z 2026-07-01T20:22:50.314743Z
pysec-2026-299
10.0 (3.1)
#### Summary Boxlite is a sandbox service that allows users to create lightweight virtua… boxlite 2026-06-29T11:50:48.664381Z 2026-07-01T20:22:50.017812Z
pysec-2025-70
10.0 (3.1)
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… langchain-community 2025-06-23T21:15:25+00:00 2025-07-16T21:23:40.211079+00:00
pysec-2023-308
10.0 (3.1)
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. mlflow 2023-07-19T01:15:10+00:00 2025-04-09T17:27:26.223213+00:00
pysec-2026-82
9.9 (3.1)
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to v… langflow 2026-03-27T21:17:23.953Z 2026-05-20T09:19:04.693650Z
pysec-2026-79
9.9 (3.1)
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1… langflow 2026-03-24T13:16:02.983Z 2026-05-20T09:19:04.514929Z
pysec-2026-6
9.9 (3.1)
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python… agenta 2026-02-26T02:16:22.940Z 2026-05-20T09:18:50.937531Z
pysec-2026-577
9.9 (4.0)
## Summary Alice exposes a Python SDK `ProxyShare` with a fixed target URL. Bob sends a … zrok 2026-06-29T11:50:50.353793Z 2026-07-01T20:23:12.283893Z
pysec-2026-574
9.9 (3.1)
### Summary The `reset_user_password` and `gym_permissions_user_edit` views in wger perf… wger 2026-06-29T11:50:48.728363Z 2026-07-01T20:23:12.000871Z
pysec-2026-542
9.9 (3.1)
A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, a… smolagents 2026-06-29T11:50:37.329072Z 2026-07-01T20:23:05.176528Z