
200K+ vulnerabilities, malicious packages, and supply chain threats enriched with Corgea's research.

| Severity | Score | Ecosystem | CVE | Title |
|---|---|---|---|---|
| MEDIUM | 4.2 | PyPI | CVE-2026-48522 | PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes |
| MEDIUM | 5.4 | PyPI | CVE-2026-48523 | PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys |
| MEDIUM | 5.3 | PyPI | CVE-2026-48525 | PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS |
| MEDIUM | 5.3 | PyPI | CVE-2025-3000 | PyTorch is vulnerable to memory corruption through its torch.jit.script function |
| MEDIUM | 6.5 | PyPI | CVE-2026-49818 | CVE-2026-49818 |
| MEDIUM | 6.5 | PyPI | CVE-2026-48710 | Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks |
| MEDIUM | 6.5 | PyPI | CVE-2026-47157 | aiograpi: Unsafe signup challenge path handling |
| MEDIUM | 4.3 | PyPI | CVE-2026-53954 | Bugsink: DOS using large numbers of event tags |
| MEDIUM | 6.5 | PyPI | CVE-2026-2734 | MLflow authenticated users can enumerate any registered model versions due to lack of per-model permissions checks |
| MEDIUM | 6.6 | PyPI | CVE-2025-51481 | CVE-2025-51481 |
| MEDIUM | 5.8 | PyPI | CVE-2026-48053 | Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset |
| MEDIUM | 6.5 | PyPI | CVE-2026-47213 | BoxLite has a Timeout Bypass Vulnerability |
| MEDIUM | 5.7 | PyPI | CVE-2026-47734 | Dulwich has unbounded memory allocation in receive-pack from crafted thin packs |
| MEDIUM | 4.3 | PyPI | CVE-2026-46645 | SQLAdmin: Authorization Bypass on `ajax_lookup` |
| MEDIUM | 6.5 | PyPI | CVE-2026-48045 | python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood |
| MEDIUM | 4.6 | PyPI | CVE-2026-45106 | Weblate: Stored HTML injection in editor search preview |
| MEDIUM | 5.4 | PyPI | CVE-2012-5571 | OpenStack Keystone intended authorization restrictions bypass |
| MEDIUM | 5.9 | PyPI | CVE-2026-48061 | Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header |
| MEDIUM | 5.4 | PyPI | CVE-2025-70960 | Tendenci CMS contains a stored Cross-site Scripting (XSS) vulnerability in the Forums module |
| MEDIUM | 5.5 | PyPI | CVE-2022-33124 | Withdrawn: Denial of Service in aiohttp |
| MEDIUM | 5.3 | PyPI | CVE-2021-31604 | furlongm openvpn-monitor allows CSRF to disconnect an arbitrary client |
| MEDIUM | 6.1 | PyPI | CVE-2020-19002 | Mezzanine Cross Site Scripting (XSS) vulnerability |
| MEDIUM | 6.1 | PyPI | CVE-2020-18699 | Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability |
| MEDIUM | 5.5 | PyPI | CVE-2024-11319 | django CMS Cross-Site Scripting (XSS) |
| MEDIUM | 6.5 | PyPI | CVE-2021-39432 | diplib Double Free |
| MEDIUM | 5.5 | PyPI | CVE-2016-7151 | Capstone SEGV caused by a read memory access |
| MEDIUM | 5.3 | PyPI | CVE-2025-3001 | PyTorch is vulnerable to memory corruption through its torch.lstm_cell function |
| MEDIUM | 5.3 | PyPI | CVE-2025-2999 | PyTorch is vulnerable to memory corruption through its unpack_sequence function |
| MEDIUM | 6.5 | PyPI | CVE-2026-47155 | vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors |
| MEDIUM | 5.3 | PyPI | CVE-2024-32481 | vyper's range(start, start + N) reverts for negative numbers |
| MEDIUM | 5.3 | PyPI | CVE-2024-32649 | vyper performs multiple eval of `sqrt()` argument built in |
| MEDIUM | 5.3 | PyPI | CVE-2024-26149 | CVE-2024-26149 |
| MEDIUM | 6.1 | PyPI | CVE-2024-35225 | CVE-2024-35225 |
| MEDIUM | 4.0 | PyPI | CVE-2024-28237 | XSS via the "Snapshot Test" feature in Classic Webcam plugin settings |
| MEDIUM | 5.3 | PyPI | CVE-2024-32646 | vyper performs double eval of the slice start/length args in certain cases |
| MEDIUM | 5.3 | PyPI | CVE-2024-32647 | vyper performs double eval of raw_args in create_from_blueprint |
| MEDIUM | 4.4 | PyPI | CVE-2025-31116 | Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding |
| MEDIUM | 5.3 | PyPI | CVE-2024-27305 | aiosmtpd vulnerable to SMTP smuggling |
| MEDIUM | 5.3 | PyPI | CVE-2024-32648 | vyper default functions don't respect nonreentrancy keys |
| MEDIUM | 5.3 | PyPI | CVE-2024-32645 | vyper performs incorrect topic logging in raw_log |
| MEDIUM | 5.4 | PyPI | CVE-2023-41048 | CVE-2023-41048 |
| MEDIUM | 5.3 | PyPI | CVE-2024-24564 | CVE-2024-24564 |
| MEDIUM | 4.7 | PyPI | CVE-2024-26152 | Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config |
| MEDIUM | 6.3 | PyPI | CVE-2024-36112 | Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects |
| MEDIUM | 6.5 | PyPI | CVE-2025-48887 | vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` |
| MEDIUM | 5.5 | PyPI | CVE-2023-25399 | Withdrawn: scipy memory leak vulnerability |
| MEDIUM | 5.3 | PyPI | CVE-2024-29370 | Duplicate Advisory: python-jose denial of service via compressed JWE content |
| MEDIUM | 4.8 | PyPI | CVE-2024-2171 | CVE-2024-2171 |
| MEDIUM | 6.5 | PyPI | CVE-2024-2035 | CVE-2024-2035 |
