pypi

Top products

The 15 most recently published vulnerabilities affecting pypi.

• CVE-2025-55449AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.7.3May 8, 2026
• CVE-2026-32722Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata3.6Mar 18, 2026
• CVE-2026-32634Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers8.1Mar 18, 2026
• CVE-2026-32633Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`9.1Mar 18, 2026
• CVE-2026-32632Glances's REST/WebUI Lacks Host Validation and Remains Exposed to DNS Rebinding5.9Mar 18, 2026
• CVE-2026-32611Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements7.0Mar 18, 2026
• CVE-2026-32610Glances's Default CORS Configuration Allows Cross-Origin Credential Theft8.1Mar 18, 2026
• CVE-2026-32609Glances has Incomplete Secrets Redaction: /api/v4/args Endpoint Leaks Password Hash and SNMP Credentials7.5Mar 18, 2026
• CVE-2026-32608Glances has a Command Injection via Process Names in Action Command Templates7.0Mar 18, 2026
• CVE-2026-32596Glances exposes the REST API without authentication7.5Mar 18, 2026
• CVE-2026-28500ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack8.6Mar 18, 2026
• CVE-2026-27459pyOpenSSL DTLS cookie callback buffer overflow9.8Mar 17, 2026
• CVE-2026-27448pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback5.3Mar 17, 2026
• CVE-2025-69196FastMCP OAuth Proxy token reuse across MCP servers6.5Mar 16, 2026
• CVE-2026-28498Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding7.5Mar 16, 2026