Vulnerabilities
Recent vulnerabilities
Recent vulnerabilities from
🏠GNA-1 (CIRCL)
Select from 78 available sources using the dropdown above.
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-99 |
10.0 (3.1)
|
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input va… | nltk | 2026-03-05T21:16:14.263Z | 2026-05-20T09:19:09.284207Z |
| pysec-2026-96 |
10.0 (3.1)
|
A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting … | nltk | 2026-02-18T18:24:19.410Z | 2026-05-20T09:19:09.128608Z |
| pysec-2026-560 |
10.0 (3.1)
|
## Summary The `_substitute_utcp_args` method in `cli_communication_protocol.py` inserts… | utcp-cli | 2026-06-29T11:50:49.296555Z | 2026-07-01T20:23:10.958711Z |
| pysec-2026-551 |
10.0 (3.1)
|
A command injection vulnerability in the execute_command function of terminal-controller-… | terminal-controller | 2026-06-29T11:50:51.891261Z | 2026-07-01T20:23:10.079817Z |
| pysec-2026-543 |
10.0 (3.1)
|
Hugging Face smolagents Remote Python Executor Deserialization of Untrusted Data Remote C… | smolagents | 2026-06-29T11:50:38.792590Z | 2026-07-01T20:23:05.184038Z |
| pysec-2026-512 |
10.0 (3.1)
|
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers … | radicale | 2026-06-29T11:50:32.382591Z | 2026-07-01T20:23:03.510449Z |
| pysec-2026-484 |
10.0 (3.1)
|
### Summary `execute_code()` in `praisonai-agents` runs attacker-controlled Python insid… | praisonaiagents | 2026-06-29T11:50:48.390200Z | 2026-07-01T20:23:01.886289Z |
| pysec-2026-456 |
10.0 (3.1)
|
## Summary `pkgutil.resolve_name()` is a Python stdlib function that resolves any `"modu… | picklescan | 2026-06-29T11:50:44.845189Z | 2026-07-01T20:23:00.003107Z |
| pysec-2026-423 |
10.0 (3.1)
|
A command injection vulnerability exists in MLflow's model serving container initializati… | mlflow | 2026-06-29T11:50:45.390530Z | 2026-07-01T20:22:58.350388Z |
| pysec-2026-420 |
10.0 (3.1)
|
MLflow allowed arbitrary files to be PUT onto the server. | mlflow | 2026-06-29T11:50:43.209628Z | 2026-07-01T20:22:58.313071Z |
| pysec-2026-417 |
10.0 (3.1)
|
The mlflow web server includes tools for tracking experiments, packaging code into reprod… | mlflow | 2026-06-29T11:50:43.022632Z | 2026-07-01T20:22:58.282280Z |
| pysec-2026-411 |
10.0 (3.1)
|
#### Summary A Path Traversal vulnerability allows any user (or attacker) supplying an un… | mesop | 2026-06-29T11:50:44.967175Z | 2026-07-01T20:22:57.656652Z |
| pysec-2026-410 |
10.0 (3.1)
|
## Resolution Fixed in [v3.1.0](https://github.com/startreedata/mcp-pinot/releases/tag/v… | mcp-pinot-server | 2026-06-29T11:50:52.123329Z | 2026-07-01T20:22:57.505231Z |
| pysec-2026-398 |
10.0 (3.1)
|
A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, ver… | llama-index-packs-finchat | 2026-06-29T11:50:35.108513Z | 2026-07-01T20:22:56.502059Z |
| pysec-2026-364 |
10.0 (4.0)
|
### Summary The environment variables (`KERNEL_XXX`) used during the rendering of the Ku… | jupyter-enterprise-gateway | 2026-06-29T11:50:52.903440Z | 2026-07-01T20:22:54.829379Z |
| pysec-2026-362 |
10.0 (4.0)
|
### Summary The environment variables used during the rendering of the Kubernetes manife… | jupyter-enterprise-gateway | 2026-06-29T11:50:52.747336Z | 2026-07-01T20:22:54.803627Z |
| pysec-2026-338 |
10.0 (3.1)
10.0 (4.0)
|
## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP c… | fastmcp | 2026-06-29T11:50:45.183289Z | 2026-07-01T20:22:52.844800Z |
| pysec-2026-330 |
10.0 (3.1)
|
### Impact EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a cu… | epyt-flow | 2026-06-29T11:50:50.959788Z | 2026-07-01T20:22:52.406443Z |
| pysec-2026-33 |
10.0 (3.1)
|
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Doc… | crawl4ai | 2026-02-12T16:16:17.447Z | 2026-05-20T09:18:55.751893Z |
| pysec-2026-327 |
10.0 (4.0)
|
### Summary [Python class pollution](https://blog.abdulrah33m.com/prototype-pollution-in-… | deepdiff | 2026-06-29T11:50:37.443319Z | 2026-07-01T20:22:51.022251Z |
| pysec-2026-310 |
10.0 (3.1)
|
### Summary A Server Side Template Injection in changedetection.io caused by usage of uns… | changedetection-io | 2026-06-29T11:50:40.769702Z | 2026-07-01T20:22:50.314743Z |
| pysec-2026-299 |
10.0 (3.1)
|
#### Summary Boxlite is a sandbox service that allows users to create lightweight virtua… | boxlite | 2026-06-29T11:50:48.664381Z | 2026-07-01T20:22:50.017812Z |
| pysec-2025-70 |
10.0 (3.1)
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit componen… | langchain-community | 2025-06-23T21:15:25+00:00 | 2025-07-16T21:23:40.211079+00:00 |
| pysec-2023-308 |
10.0 (3.1)
|
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | mlflow | 2023-07-19T01:15:10+00:00 | 2025-04-09T17:27:26.223213+00:00 |
| pysec-2026-82 |
9.9 (3.1)
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to v… | langflow | 2026-03-27T21:17:23.953Z | 2026-05-20T09:19:04.693650Z |
| pysec-2026-79 |
9.9 (3.1)
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Versions 1… | langflow | 2026-03-24T13:16:02.983Z | 2026-05-20T09:19:04.514929Z |
| pysec-2026-6 |
9.9 (3.1)
|
Agenta is an open-source LLMOps platform. In Agenta-API prior to version 0.48.1, a Python… | agenta | 2026-02-26T02:16:22.940Z | 2026-05-20T09:18:50.937531Z |
| pysec-2026-577 |
9.9 (4.0)
|
## Summary Alice exposes a Python SDK `ProxyShare` with a fixed target URL. Bob sends a … | zrok | 2026-06-29T11:50:50.353793Z | 2026-07-01T20:23:12.283893Z |
| pysec-2026-574 |
9.9 (3.1)
|
### Summary The `reset_user_password` and `gym_permissions_user_edit` views in wger perf… | wger | 2026-06-29T11:50:48.728363Z | 2026-07-01T20:23:12.000871Z |
| pysec-2026-542 |
9.9 (3.1)
|
A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, a… | smolagents | 2026-06-29T11:50:37.329072Z | 2026-07-01T20:23:05.176528Z |