pip
pip
- CVE-2026-55166 - Lemur ACME SSRF and creator-equality IDOR
- CVE-2026-48818 - Starlette StaticFiles UNC SSRF and NTLM leak
- CVE-2026-49853 - Tornado cross-origin redirect credential leak
- CVE-2026-42271 - LiteLLM MCP stdio command execution
- CVE-2026-44023 - Docling Core remote filename SSRF
- CVE-2026-47412 - PraisonAI Platform workspace delete RBAC bypass
- CVE-2026-47418 - PraisonAI Platform project IDOR
- CVE-2026-40576 - excel-mcp-server path traversal
- CVE-2026-47214 - Docling HTML backend URI and path handling
- CVE-2026-47391 - PraisonAI A2A eval tool RCE
- CVE-2026-47397 - PraisonAI arbitrary file write
- CVE-2026-47407 - PraisonAI Platform workspace takeover
- CVE-2026-47413 - PraisonAI Platform member-add owner injection
- CVE-2026-47416 - PraisonAI Platform workspace owner promotion
- CVE-2026-48169 - PraisonAI Platform cross-workspace IDOR
- CVE-2026-47410 - PraisonAI Platform default JWT secret
- CVE-2026-44513 - Diffusers trust_remote_code bypass
- CVE-2026-41490 - Dagster dynamic partition SQL injection
- CVE-2026-42601 - ArchiveBox AddView config override RCE
- CVE-2026-41497 - PraisonAI MCP command injection incomplete fix
- GHSA-rpm5/GHSA-x2qx - GitPython command injection