PyPI Vulnerability Archive

Recent and critical CVEs affecting PyPI packages. Kodem’s runtime-powered SCA identifies which are actually reachable in your applications.

Recent PyPI CVEs
CVE            | Package / summary                                                                                              | Severity
CVE-2026-55447 | langflow · Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit                       | Critical
CVE-2026-55446 | langflow · Langflow: Unauthenticated DoS through multipart form boundary file upload                          | High
CVE-2026-55423 | langflow · Langflow: Logout button does not clear session                                                     | Medium
CVE-2026-55255 | langflow · Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows…                               | Critical
CVE-2026-55837 | dbt-mcp · dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens                    | Medium
CVE-2026-54911 | ujson · UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in…                              | Medium
CVE-2026-54528 | jupyterlab-git · jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded…               | High
CVE-2026-54499 | stanza · Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders                     | High
CVE-2026-54317 | homeassistant · Home Assistant: Konnected alarm-panel switch state and zone topology disclosed…               | High
CVE-2026-23879 | py7zr · py7zr: Arbitrary File Write Vulnerability                                                             | High
CVE-2026-12530 | bedrock-agentcore · Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python…           | High
CVE-2026-54695 | pipecat-ai · Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via…                       | High
CVE-2026-12568 | bbot · BBOT: Arbitrary File Write in postman_download Module                                                  | Medium
CVE-2026-12565 | bbot · BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for…                              | Medium
CVE-2026-47103 | python-statemachine · python-statemachine SCXML <data expr> Eval Injection                                    | Critical