Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-210 |
7.5 (3.1)
|
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects an… | sqlfluff | 2026-06-09T23:16:59.313Z | 2026-06-13T09:38:42.414489Z |
| pysec-2026-209 |
7.5 (3.1)
|
SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects an… | sqlfluff | 2026-06-09T23:16:59.167Z | 2026-06-13T09:38:42.362943Z |
| pysec-2026-207 |
|
`durabletask` versions 1.4.1, 1.4.2, and 1.4.3 were published on 2026-05-19 within a 35-m… | durabletask | 2026-06-09T19:34:23Z | |
| pysec-2026-208 |
6.5 (3.1)
|
The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the S… | apache-airflow-providers-samba | 2026-06-09T09:16:30.443Z | 2026-06-13T09:37:37.959463Z |
| pysec-2026-206 |
9.6 (3.1)
|
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at … | guardrails-ai | 2026-06-05T20:17:32.357Z | 2026-06-09T10:40:25.273181Z |
| pysec-2026-195 |
1.1 (4.0)
|
A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data… | mlflow | 2026-06-04T12:16:24.440Z | 2026-06-05T10:22:43.284691Z |
| pysec-2026-201 |
5.3 (3.1)
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middlew… | django | 2026-06-03T14:16:47.650Z | 2026-06-06T09:31:27.759745Z |
| pysec-2026-200 |
2.3 (4.0)
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.ma… | django | 2026-06-03T14:16:47.087Z | 2026-06-06T09:31:27.551806Z |
| pysec-2026-199 |
4.3 (3.1)
|
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.Ht… | django | 2026-06-03T14:16:46.483Z | 2026-06-06T09:31:27.325350Z |
| pysec-2026-198 |
5.3 (3.1)
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.c… | django | 2026-06-03T14:16:44.983Z | 2026-06-06T09:31:27.147158Z |
| pysec-2026-197 |
2.3 (4.0)
|
An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middlew… | django | 2026-06-03T14:16:41.247Z | 2026-06-06T09:31:26.956057Z |
| pysec-2026-203 |
6.1 (3.1)
|
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and o… | pycti | 2026-06-02T22:16:16.727Z | 2026-06-06T09:31:54.080036Z |
| pysec-2026-196 |
5.5 (3.1)
|
pip would treat console_scripts and gui_scripts as paths instead of file names without sa… | pip | 2026-06-01T17:17:35.770Z | 2026-06-05T10:22:47.002500Z |
| pysec-2026-187 |
6.5 (3.1)
|
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens … | apache-airflow | 2026-06-01T09:16:20.187Z | 2026-06-03T10:54:36.532595Z |
| pysec-2026-174 |
3.1 (3.1)
|
Exploitation requires the attacker to already be an authenticated Airflow worker holding … | apache-airflow | 2026-06-01T09:16:19.583Z | 2026-06-02T10:33:39.263217Z |
| pysec-2026-186 |
7.3 (3.1)
|
Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.de… | apache-airflow | 2026-06-01T09:16:19.480Z | 2026-06-03T10:54:36.471897Z |
| pysec-2026-172 |
6.5 (3.1)
|
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key ma… | apache-airflow | 2026-06-01T09:16:19.033Z | 2026-06-02T10:33:38.991817Z |
| pysec-2026-185 |
8.8 (3.1)
|
A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed a… | apache-airflow | 2026-06-01T09:16:18.907Z | 2026-06-03T10:54:36.415081Z |
| pysec-2026-184 |
9.1 (3.1)
|
Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Paramet… | apache-airflow | 2026-06-01T09:16:18.560Z | 2026-06-03T10:54:36.359072Z |
| pysec-2026-183 |
7.5 (3.1)
|
A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/da… | apache-airflow | 2026-06-01T09:16:18.453Z | 2026-06-03T10:54:36.305146Z |
| pysec-2026-171 |
5.9 (3.1)
|
Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag… | apache-airflow | 2026-06-01T09:16:18.343Z | 2026-06-02T10:33:38.862191Z |
| pysec-2026-182 |
4.3 (3.1)
|
The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access con… | apache-airflow | 2026-06-01T09:16:18.230Z | 2026-06-03T10:54:36.252940Z |
| pysec-2026-181 |
6.5 (3.1)
|
A Dag author could either (a) create a symlink under their task's log directory pointing … | apache-airflow | 2026-06-01T09:16:17.893Z | 2026-06-03T10:54:36.197008Z |
| pysec-2026-173 |
6.5 (3.1)
|
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflo… | apache-airflow | 2026-06-01T08:16:20.567Z | 2026-06-02T10:33:39.129557Z |
| pysec-2026-191 |
5.5 (3.1)
|
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authe… | matrix-synapse | 2026-05-28T17:16:31.750Z | 2026-06-03T10:54:47.970200Z |
| pysec-2026-194 |
2.7 (3.1)
|
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federate… | matrix-synapse | 2026-05-28T17:16:31.590Z | 2026-06-05T10:22:40.838242Z |
| pysec-2026-179 |
7.4 (3.1)
|
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is… | pyjwt | 2026-05-28T16:16:29.657Z | 2026-06-02T10:34:21.268376Z |
| pysec-2026-178 |
5.3 (3.1)
|
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying … | pyjwt | 2026-05-28T16:16:29.533Z | 2026-06-02T10:34:21.164106Z |
| pysec-2026-177 |
3.7 (3.1)
|
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_sign… | pyjwt | 2026-05-28T16:16:29.403Z | 2026-06-02T10:34:21.056558Z |
| pysec-2026-176 |
5.4 (3.1)
|
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a veri… | pyjwt | 2026-05-28T16:16:29.280Z | 2026-06-02T10:34:20.952243Z |