Recent vulnerabilities
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-4 | 5.3 (3.1) | A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is … | gdal | 2026-05-09T23:16:33.113Z | 2026-05-13T15:31:52.070Z |
| pysec-2017-151 | 9.8 (3.1) | Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.1… | salt | 2017-08-23T14:29:00.283Z | 2026-05-13T00:24:29.033Z |
| pysec-2017-150 | 8.8 (3.1) | protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. | protobuf | 2017-09-25T17:29:00.397Z | 2026-05-13T00:24:29.033Z |
| pysec-2017-149 | 8.8 (3.1) | Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arb… | bzr | 2017-11-27T10:29:00.207Z | 2026-05-13T00:24:29.033Z |
| pysec-2025-52 | | gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. | mlflow | 2025-06-23T15:15:29Z | 2026-05-12T09:14:03.704411Z |
| pysec-2014-117 | | The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7… | rply | 2014-01-28T00:55:04.037Z | 2026-04-29T01:13:23.040Z |
| pysec-2012-42 | | OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM b… | nova | 2012-12-26T22:55:03.783Z | 2026-04-29T01:13:23.040Z |
| pysec-2011-31 | | Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.… | django | 2011-02-14T21:00:03.273Z | 2026-04-29T01:13:23.040Z |
| pysec-2011-30 | | Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests… | django | 2011-02-14T21:00:03.210Z | 2026-04-29T01:13:23.040Z |
| pysec-2011-29 | | The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x bef… | django | 2011-01-10T20:00:16.937Z | 2026-04-29T01:13:23.040Z |
| pysec-2011-28 | | The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before… | django | 2011-01-10T20:00:16.877Z | 2026-04-29T01:13:23.040Z |
| pysec-2010-33 | | ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to… | zope | 2010-09-08T20:00:04.573Z | 2026-04-29T01:13:23.040Z |
| pysec-2024-85 | 7.5 (3.1) | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.598639Z |
| pysec-2024-84 | 7.5 (3.1) | Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.526718Z |
| pysec-2024-83 | 7.5 (3.1) | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsD… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.456202Z |
| pysec-2024-82 | 8.8 (3.1) | Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB… | mindsdb | 2024-09-12T13:15:00Z | 2026-04-23T07:43:20.386659Z |
| pysec-2023-278 | 5.3 (3.1) | MindsDB connects artificial intelligence models to real time data. Versions prior to 23.1… | mindsdb | 2023-12-11T21:15:00Z | 2026-04-23T07:43:20.300009Z |
| pysec-2025-77 | 8.2 (3.1) | A vulnerability has been identified in keylime where an attacker can exploit this flaw by… | keylime | 2025-11-24T18:15:49.830Z | 2026-04-15T00:35:42.020Z |
| pysec-2025-73 | 2.7 (4.0) | Datasette is an open source multi-tool for exploring and publishing data. In versions 0.6… | datasette | 2025-11-07T21:15:42.010Z | 2026-04-15T00:35:42.020Z |
| pysec-2026-3 | | After an API token exposure from an exploited Trivy dependency, two new releases of `teln… | telnyx | 2026-03-27T14:53:14Z | |
| pysec-2026-2 | | After an API Token exposure from an exploited Trivy dependency, two new releases of `lite… | litellm | 2026-03-24T15:35:32Z | |
| pysec-2023-121 | | A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as a… | zstd | 2023-03-31T20:15:00+00:00 | 2026-02-25T19:20:58+00:00 |
| pysec-2026-1 | | A PyPI user account was compromised by an attacker who was able to upload a malicious version… | dydx-v4-client | 2026-01-28T21:09:02+00:00 | |
| pysec-2025-78 | 8.8 (3.1) | Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables … | langflow | 2025-12-05T23:15:47.433Z | 2026-01-16T21:17:02.097Z |
| pysec-2020-220 | | A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage coll… | ansible | 2020-10-05T14:15:00Z | 2025-10-31T04:43:53.616247Z |
| pysec-2025-76 | 7.3 (3.1) | The Keras Model.load_model method can be exploited to achieve arbitrary code execution, e… | keras | 2025-09-19T09:15:36.353Z | 2025-09-23T16:53:28.170Z |
| pysec-2025-79 | 7.1 (3.1) | Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nauto… | nautobot | 2025-06-10T16:15:42.293Z | 2025-08-21T22:36:18.030Z |
| pysec-2025-74 | 7.1 (3.1) | Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nauto… | jinja2 | 2025-06-10T16:15:42.293Z | 2025-08-21T22:36:18.030Z |
| pysec-2025-75 | 7.8 (3.1) | A safe mode bypass vulnerability in the `Model.load_model` method in Keras versions 3.0.0… | keras | 2025-08-11T08:15:26.507Z | 2025-08-14T16:24:41.287Z |
| pysec-2025-72 | | The `num2words` project was compromised via a phishing attack and two new versions were u… | num2words | 2025-07-31T14:34:47+00:00 | |