Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46561 |
|
SSRF (Server-Side Request Forgery) in pyload-ng (CVE-2026-46561)
SSRF in pyload-ng (CVE-2026-46561). Risk of unauthorized operations or information disclosure. Exploitable via ``PREREQFUNCTION``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-48207 |
|
Unsafe Deserialization in pyfory (CVE-2026-48207)
vulnerability in pyfory (CVE-2026-48207). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.0` or later.
|
| CVE-2026-4224 |
|
Vulnerability in libpython (CVE-2026-4224)
vulnerability in libpython (CVE-2026-4224). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.13, 3.14.4` or later.
|
| CVE-2026-31072 |
|
Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45758 |
|
Vulnerability in guardrails-ai (CVE-2026-45758)
vulnerability in guardrails-ai (CVE-2026-45758). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45409 |
|
Vulnerability in idna (CVE-2026-45409)
vulnerability in idna (CVE-2026-45409). Risk of unauthorized operations or information disclosure. Exploitable via ``valid_contexto``. Mitigation: upgrade to `3.15` or later.
|
| CVE-2026-33234 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-33234)
SSRF in ssrf (CVE-2026-33234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4137 |
|
Vulnerability in mlflow (CVE-2026-4137)
vulnerability in mlflow (CVE-2026-4137). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-8838 |
|
Code Injection in Amazon redshift-connector (CVE-2026-8838)
code injection in Amazon redshift-connector (CVE-2026-8838). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.14` or later.
|
| CVE-2026-45554 |
|
Vulnerability in nicegui (CVE-2026-45554)
vulnerability in nicegui (CVE-2026-45554). Risk of unauthorized operations or information disclosure. Exploitable via ``RuntimeError``. Mitigation: upgrade to `3.12.0` or later.
|
| CVE-2026-45553 |
|
Information Disclosure in nicegui (CVE-2026-45553)
vulnerability in nicegui (CVE-2026-45553). Confidential information can be exposed externally. Exploitable via ``include``. Mitigation: upgrade to `3.12.0` or later.
|
| CVE-2026-45829 |
|
Code Injection in chromadb (CVE-2026-45829)
code injection in chromadb (CVE-2026-45829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7304 |
|
Unsafe Deserialization in sglang (CVE-2026-7304)
vulnerability in sglang (CVE-2026-7304). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47952 |
|
Code Injection in deserialization (CVE-2021-47952)
code injection in deserialization (CVE-2021-47952). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46383 |
|
Path Traversal in apm-cli (CVE-2026-46383)
path traversal in apm-cli (CVE-2026-46383). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `0.13.0` or later.
|
| CVE-2026-44716 |
|
Path Traversal in pipecat-ai (CVE-2026-44716)
path traversal in pipecat-ai (CVE-2026-44716). Confidential information can be exposed externally. Exploitable via `GET /files/{filename`. Mitigation: upgrade to `1.2.0` or later.
|
| CVE-2026-44661 |
|
SSRF (Server-Side Request Forgery) in utcp-http (CVE-2026-44661)
SSRF in utcp-http (CVE-2026-44661). Risk of unauthorized operations or information disclosure. Exploitable via ``tool_call_template.url``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-45370 |
|
Vulnerability in utcp-cli (CVE-2026-45370)
vulnerability in utcp-cli (CVE-2026-45370). Confidential information can be exposed externally. Exploitable via ``cli_communication_protocol.py``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-45369 |
|
OS Command Injection in utcp-cli (CVE-2026-45369)
OS command injection in utcp-cli (CVE-2026-45369). Successful exploitation can lead to full system takeover. Exploitable via ``_substitute_utcp_args``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-45672 |
|
Authorization Flaw in open-webui (CVE-2026-45672)
vulnerability in open-webui (CVE-2026-45672). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.12` or later.
|
| CVE-2026-45395 |
|
Privilege Escalation in open-webui (CVE-2026-45395)
vulnerability in open-webui (CVE-2026-45395). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/tools/id/{id}/update`. Mitigation: upgrade to `0.9.5` or later.
|
| CVE-2026-45348 |
|
Cross-Site Scripting (XSS) in pyload-ng (CVE-2026-45348)
cross-site scripting in pyload-ng (CVE-2026-45348). Confidential information can be exposed externally. Exploitable via `POST /flash/add`.
|
| CVE-2026-45306 |
|
Vulnerability in pyload-ng (CVE-2026-45306)
vulnerability in pyload-ng (CVE-2026-45306). Confidential information can be exposed externally. Exploitable via `GET /files/get/`.
|
| CVE-2026-8597 |
|
Vulnerability in sagemaker (CVE-2026-8597)
vulnerability in sagemaker (CVE-2026-8597). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
|
| CVE-2026-8596 |
|
Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
|
| CVE-2026-44899 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44899)
cross-site scripting in mistune (CVE-2026-44899). Risk of unauthorized operations or information disclosure. Exploitable via ``outline``. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-44898 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44898)
cross-site scripting in mistune (CVE-2026-44898). Risk of unauthorized operations or information disclosure. Exploitable via ``text``. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-42561 |
|
Vulnerability in python-multipart (CVE-2026-42561)
vulnerability in python-multipart (CVE-2026-42561). Risk of unauthorized operations or information disclosure. Exploitable via ``MultipartParser``. Mitigation: upgrade to `0.0.27` or later.
|
| CVE-2026-42304 |
|
Vulnerability in Twisted (CVE-2026-42304)
vulnerability in Twisted (CVE-2026-42304). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.4.0rc2` or later.
|
| CVE-2026-45136 |
|
OS Command Injection in claude-code-cache-fix (CVE-2026-45136)
OS command injection in claude-code-cache-fix (CVE-2026-45136). Successful exploitation can lead to full system takeover. Exploitable via ``statusLine``. Mitigation: upgrade to `3.5.2` or later.
|
| CVE-2026-45134 |
|
Unsafe Deserialization in langsmith (CVE-2026-45134)
vulnerability in langsmith (CVE-2026-45134). Confidential information can be exposed externally. Exploitable via ``pull_prompt``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-44681 |
|
Open Redirect in authlib (CVE-2026-44681)
vulnerability in authlib (CVE-2026-44681). Risk of unauthorized operations or information disclosure. Exploitable via `GET /oauth/authorize`. Mitigation: upgrade to `3be08468` or later.
|
| CVE-2026-44660 |
|
Vulnerability in ujson (CVE-2026-44660)
vulnerability in ujson (CVE-2026-44660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.12.1` or later.
|
| CVE-2026-45227 |
|
Vulnerability in CVE-2026-45227 (CVE-2026-45227)
vulnerability in CVE-2026-45227 (CVE-2026-45227). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44304 |
|
Vulnerability in lemur (CVE-2026-44304)
vulnerability in lemur (CVE-2026-44304). Confidential information can be exposed externally. Exploitable via `POST /auth/login`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-44307 |
|
Path Traversal in Mako (CVE-2026-44307)
path traversal in Mako (CVE-2026-44307). Risk of unauthorized operations or information disclosure. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.12` or later.
|
| CVE-2026-43948 |
|
Authorization Flaw in wger (CVE-2026-43948)
vulnerability in wger (CVE-2026-43948). Successful exploitation can lead to full system takeover. Exploitable via `GET /en/gym/user/`. Mitigation: upgrade to `2.6` or later.
|
| CVE-2026-42544 |
|
Vulnerability in granian (CVE-2026-42544)
vulnerability in granian (CVE-2026-42544). Risk of unauthorized operations or information disclosure. Exploitable via ``Err``. Mitigation: upgrade to `2.7.4` or later.
|
| CVE-2026-42545 |
|
Vulnerability in granian (CVE-2026-42545)
vulnerability in granian (CVE-2026-42545). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `2.7.4` or later.
|
| CVE-2026-31237 |
|
Unsafe Deserialization in ludwig (CVE-2026-31237)
vulnerability in ludwig (CVE-2026-31237). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31238 |
|
Unsafe Deserialization in ludwig (CVE-2026-31238)
vulnerability in ludwig (CVE-2026-31238). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31236 |
|
Code Injection in llm (CVE-2026-31236)
code injection in llm (CVE-2026-31236). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31235 |
|
Unsafe Deserialization in imgaug (CVE-2026-31235)
vulnerability in imgaug (CVE-2026-31235). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31239 |
|
Unsafe Deserialization in mamba-ssm (CVE-2026-31239)
vulnerability in mamba-ssm (CVE-2026-31239). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31231 |
|
Code Injection in CVE-2026-31231 (CVE-2026-31231)
code injection in CVE-2026-31231 (CVE-2026-31231). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31229 |
|
Unsafe Deserialization in deserialization (CVE-2026-31229)
vulnerability in deserialization (CVE-2026-31229). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31230 |
|
Vulnerability in CVE-2026-31230 (CVE-2026-31230)
vulnerability in CVE-2026-31230 (CVE-2026-31230). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31232 |
|
Unsafe Deserialization in deserialization (CVE-2026-31232)
vulnerability in deserialization (CVE-2026-31232). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31221 |
|
Unsafe Deserialization in pytorch-lightning (CVE-2026-31221)
vulnerability in pytorch-lightning (CVE-2026-31221). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31222 |
|
Unsafe Deserialization in snorkel (CVE-2026-31222)
vulnerability in snorkel (CVE-2026-31222). Successful exploitation can lead to full system takeover.
|