Recent vulnerabilities
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2026-207 | | `durabletask` versions 1.4.1, 1.4.2, and 1.4.3 were published on 2026-05-19 within a 35-m… | durabletask | 2026-06-09T19:34:23Z | |
| pysec-2019-123 | | SQLAlchemy before 1.3.0b3 allows SQL Injection via the order_by parameter. The fix (commi… | sqlalchemy | 2019-02-20T00:29:00Z | 2026-06-09T16:59:10.953350Z |
| pysec-2026-206 | 9.6 (3.1) | Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at … | guardrails-ai | 2026-06-05T20:17:32.357Z | 2026-06-09T10:40:25.273181Z |
| pysec-2026-205 | 7.5 (3.1) | An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Pyt… | ironic-python-agent | 2026-05-01T09:16:17.440Z | 2026-06-08T12:31:44.732269Z |
| pysec-2023-72 | | ** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs… | pyspark | 2023-05-02T09:15:00Z | 2026-06-08T10:06:18.030132Z |
| pysec-2022-42972 | | Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Ser… | apache-iotdb | 2022-10-26T16:15:00Z | 2026-06-08T10:05:39.223451Z |
| pysec-2026-204 | 8.3 (3.1) | A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any auth… | lollms | 2026-03-29T18:16:14.460Z | 2026-06-06T19:12:55.895665Z |
| pysec-2026-203 | 6.1 (3.1) | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and o… | pycti | 2026-06-02T22:16:16.727Z | 2026-06-06T09:31:54.080036Z |
| pysec-2026-202 | 5.3 (3.1) | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0… | keystone | 2026-04-10T03:16:02.723Z | 2026-06-06T09:31:39.395371Z |
| pysec-2026-201 | 5.3 (3.1) | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middlew… | django | 2026-06-03T14:16:47.650Z | 2026-06-06T09:31:27.759745Z |
| pysec-2026-200 | 2.3 (4.0) | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.core.ma… | django | 2026-06-03T14:16:47.087Z | 2026-06-06T09:31:27.551806Z |
| pysec-2026-199 | 4.3 (3.1) | An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. `django.http.Ht… | django | 2026-06-03T14:16:46.483Z | 2026-06-06T09:31:27.325350Z |
| pysec-2026-198 | 5.3 (3.1) | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.utils.c… | django | 2026-06-03T14:16:44.983Z | 2026-06-06T09:31:27.147158Z |
| pysec-2026-197 | 2.3 (4.0) | An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. `django.middlew… | django | 2026-06-03T14:16:41.247Z | 2026-06-06T09:31:26.956057Z |
| pysec-2026-193 | 7.8 (3.1) | In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code … | gdal | 2026-05-27T02:16:34.180Z | 2026-06-05T11:37:29.752863Z |
| pysec-2026-196 | 5.5 (3.1) | pip would treat console_scripts and gui_scripts as paths instead of file names without sa… | pip | 2026-06-01T17:17:35.770Z | 2026-06-05T10:22:47.002500Z |
| pysec-2026-195 | 1.1 (4.0) | A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data… | mlflow | 2026-06-04T12:16:24.440Z | 2026-06-05T10:22:43.284691Z |
| pysec-2026-194 | 2.7 (3.1) | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federate… | matrix-synapse | 2026-05-28T17:16:31.590Z | 2026-06-05T10:22:40.838242Z |
| pysec-2025-102 | 6.6 (3.1) | Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows at… | dagster-ge | 2025-07-22T17:15:33.543Z | 2026-06-04T17:40:20.615875Z |
| pysec-2026-192 | 7.5 (3.1) | Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the bu… | python-liquid | 2026-05-28T16:16:25.883Z | 2026-06-03T10:54:55.739943Z |
| pysec-2026-191 | 5.5 (3.1) | Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authe… | matrix-synapse | 2026-05-28T17:16:31.750Z | 2026-06-03T10:54:47.970200Z |
| pysec-2026-190 | 8.8 (3.1) | BentoML is a Python library for building online serving systems optimized for AI apps and… | bentoml | 2026-05-27T18:16:23.333Z | 2026-06-03T10:54:38.301238Z |
| pysec-2026-189 | 8.8 (3.1) | BentoML is a Python library for building online serving systems optimized for AI apps and… | bentoml | 2026-05-27T18:16:23.200Z | 2026-06-03T10:54:38.245535Z |
| pysec-2026-188 | 6.1 (3.1) | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.1… | authlib | 2026-05-27T20:16:37.463Z | 2026-06-03T10:54:38.033325Z |
| pysec-2026-187 | 6.5 (3.1) | A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens … | apache-airflow | 2026-06-01T09:16:20.187Z | 2026-06-03T10:54:36.532595Z |
| pysec-2026-186 | 7.3 (3.1) | Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.de… | apache-airflow | 2026-06-01T09:16:19.480Z | 2026-06-03T10:54:36.471897Z |
| pysec-2026-185 | 8.8 (3.1) | A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed a… | apache-airflow | 2026-06-01T09:16:18.907Z | 2026-06-03T10:54:36.415081Z |
| pysec-2026-184 | 9.1 (3.1) | Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Paramet… | apache-airflow | 2026-06-01T09:16:18.560Z | 2026-06-03T10:54:36.359072Z |
| pysec-2026-183 | 7.5 (3.1) | A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/da… | apache-airflow | 2026-06-01T09:16:18.453Z | 2026-06-03T10:54:36.305146Z |
| pysec-2026-182 | 4.3 (3.1) | The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access con… | apache-airflow | 2026-06-01T09:16:18.230Z | 2026-06-03T10:54:36.252940Z |