Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-2030 |
5.1 (4.0)
|
### Impact Due to a missing permission check on the preview endpoints, a user with access… | wagtail | 2026-07-07T16:42:05.813187Z | 2026-07-07T17:25:48.981556Z |
| pysec-2026-1224 |
8.4 (3.1)
|
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading fu… | boltz | 2026-07-07T16:42:05.657818Z | 2026-07-07T17:23:51.799657Z |
| pysec-2026-1888 |
7.2 (3.1)
8.7 (4.0)
|
### Summary SageMaker Python SDK is an open source library for training and deploying ma… | sagemaker | 2026-07-07T16:42:05.574892Z | 2026-07-07T17:25:19.561157Z |
| pysec-2026-1886 |
5.9 (3.1)
8.7 (4.0)
|
### Summary SageMaker Python SDK is an open source library for training and deploying mac… | sagemaker | 2026-07-07T16:42:05.484460Z | 2026-07-07T17:25:19.341097Z |
| pysec-2026-1789 |
8.9 (4.0)
|
### Summary An unsafe deserialization vulnerability allows any unauthenticated user to e… | picklescan | 2026-07-07T16:42:05.209907Z | 2026-07-07T17:25:02.512311Z |
| pysec-2026-1491 |
5.4 (3.1)
|
### Summary An IDOR in the Notion OAuth callback allows an attacker to hijack any user's … | khoj | 2026-07-07T16:36:56.149951Z | 2026-07-07T17:24:25.678066Z |
| pysec-2026-1796 |
2.0 (4.0)
|
When pip is installing and extracting a maliciously crafted wheel archive, files may be e… | pip | 2026-07-07T16:36:56.040886Z | 2026-07-07T17:25:03.454323Z |
| pysec-2026-1075 |
|
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… | tiktoken-mcp | 2026-07-07T16:26:46Z | 2026-07-07T16:26:46Z |
| pysec-2026-1074 |
|
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… | ray-mcp-server | 2026-07-07T16:19:27Z | 2026-07-07T16:19:27Z |
| pysec-2026-1073 |
|
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… | orchestr8-platform | 2026-07-07T16:16:21Z | 2026-07-07T16:16:21Z |
| pysec-2026-1072 |
|
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… | openai-mcp | 2026-07-07T16:12:30Z | 2026-07-07T16:12:30Z |
| pysec-2026-1071 |
|
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… | mem8 | 2026-07-07T16:09:47Z | 2026-07-07T16:09:47Z |
| pysec-2026-1070 |
|
Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, maliciou… | langchain-core-mcp | 2026-07-07T16:04:20Z | 2026-07-07T16:04:20Z |
| pysec-2026-1965 |
7.5 (3.1)
|
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthentic… | text-generation | 2026-07-07T16:03:21.466506Z | 2026-07-07T17:25:41.621325Z |
| pysec-2026-1639 |
7.0 (3.1)
|
In mlflow version 2.20.3, the temporary directory used for creating Python virtual enviro… | mlflow | 2026-07-07T16:03:21.413817Z | 2026-07-07T17:24:41.914330Z |
| pysec-2026-1560 |
5.3 (3.1)
|
The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from … | llama-index-core | 2026-07-07T16:03:21.353538Z | 2026-07-07T17:24:33.333405Z |
| pysec-2026-1586 |
8.2 (3.1)
|
A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version… | lollms | 2026-07-07T16:03:21.287571Z | 2026-07-07T17:24:35.833438Z |
| pysec-2026-1894 |
7.8 (3.1)
7.3 (4.0)
|
Salt's junos execution module contained an unsafe YAML decode/load usage. A specially cra… | salt | 2026-07-07T16:03:21.219152Z | 2026-07-07T17:25:20.589148Z |
| pysec-2026-1902 |
6.2 (3.1)
7.5 (4.0)
|
Salt contains an authentication protocol version downgrade weakness that can allow a mali… | salt | 2026-07-07T16:03:21.156662Z | 2026-07-07T17:25:21.300231Z |
| pysec-2026-1572 |
3.2 (3.1)
|
Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in th… | llama-stack | 2026-07-07T16:03:21.074750Z | 2026-07-07T17:24:34.683728Z |
| pysec-2026-1294 |
7.5 (3.1)
8.7 (4.0)
|
### Summary The compressed data parser uses `zlib.decompress()` without a maximum output … | dfir-unfurl | 2026-07-07T16:03:21.008991Z | 2026-07-07T17:24:00.300957Z |
| pysec-2026-1078 |
8.6 (4.0)
|
### Summary AutoGPT Platform's block execution endpoints (both main web API and external… | agpt | 2026-07-07T16:03:20.951862Z | 2026-07-07T17:23:33.464384Z |
| pysec-2026-2020 |
7.1 (3.1)
|
### Summary A Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnec… | vllm | 2026-07-07T16:03:20.898386Z | 2026-07-07T17:25:47.810776Z |
| pysec-2026-1856 |
8.8 (3.1)
|
### Summary A vulnerability in PyTorch's `weights_only` unpickler allows an attacker to … | pytorch | 2026-07-07T16:03:20.837738Z | 2026-07-07T17:25:15.153263Z |
| pysec-2026-1716 |
5.9 (3.1)
6.0 (4.0)
|
### Impact OctoPrint versions up to and including 1.11.5 are affected by a (theoretical)… | octoprint | 2026-07-07T16:03:20.785868Z | 2026-07-07T17:24:53.289854Z |
| pysec-2026-1193 |
5.3 (4.0)
|
All versions of askbot before and including 0.12.2 allow an attacker authenticated with n… | askbot | 2026-07-07T16:03:20.731805Z | 2026-07-07T17:23:47.347558Z |
| pysec-2026-1827 |
5.1 (4.0)
|
### Impact An attacker who uses this vulnerability can craft a PDF which leads to an inf… | pypdf | 2026-07-07T16:03:20.675725Z | 2026-07-07T17:25:12.724293Z |
| pysec-2026-1668 |
8.1 (3.1)
|
### Summary A Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest… | mobsf | 2026-07-07T16:03:20.612144Z | 2026-07-07T17:24:44.561173Z |
| pysec-2026-1400 |
5.3 (3.1)
|
A vulnerability was discovered in Gakido that allowed HTTP Header Injection through CRLF … | gakido | 2026-07-07T16:03:20.559426Z | 2026-07-07T17:24:11.115334Z |
| pysec-2026-1852 |
8.6 (3.1)
|
### Summary A Path Traversal vulnerability exists when using non-default configuration o… | python-multipart | 2026-07-07T16:03:20.509610Z | 2026-07-07T17:25:14.687761Z |