python
python
- CVE-2026-42208 - LiteLLM security control bypass
- CVE-2026-44018 - Docling simplifies document processing security control bypass
- CVE-2026-55166 - Lemur ACME SSRF and creator-equality IDOR
- CVE-2026-12191 - openpilot pickle deserialization
- CVE-2026-48818 - Starlette StaticFiles UNC SSRF and NTLM leak
- CVE-2026-49853 - Tornado cross-origin redirect credential leak
- CVE-2026-42563 - Dulwich merge driver path command injection
- CVE-2026-48039 - Meta Ads MCP HTTP tool auth bypass
- CVE-2025-3248 - Langflow validate/code unauthenticated RCE
- CVE-2025-68143 - mcp-server-git arbitrary repository creation
- CVE-2025-68144 - mcp-server-git diff and checkout argument injection
- CVE-2025-68145 - mcp-server-git repository path validation bypass
- CVE-2026-10142 - kafka-python frame length parser DoS
- CVE-2026-10143 - kafka-python SCRAM iteration count DoS
- CVE-2026-42271 - LiteLLM MCP stdio command execution
- CVE-2026-5058 - aws-mcp-server command injection RCE
- CVE-2026-11455 - MetaGPT Mermaid path command injection
- CVE-2026-27494 - n8n Python Code node sandbox escape
- CVE-2026-27905 - BentoML tar symlink arbitrary write
- CVE-2026-34070 - LangChain load_prompt path traversal
- CVE-2026-39922 - GeoNode service registration SSRF
- CVE-2026-44023 - Docling Core remote filename SSRF
- CVE-2026-47412 - PraisonAI Platform workspace delete RBAC bypass
- CVE-2026-47418 - PraisonAI Platform project IDOR
- CVE-2026-27893 - vLLM trust_remote_code bypass
- CVE-2026-40576 - excel-mcp-server path traversal
- CVE-2026-44180 - Jupyter Enterprise Gateway prohibited UID/GID bypass
- CVE-2026-44181 - Jupyter Enterprise Gateway Jinja2 SSTI RCE
- CVE-2026-44182 - Jupyter Enterprise Gateway YAML manifest injection
- CVE-2026-47214 - Docling HTML backend URI and path handling
- CVE-2026-47391 - PraisonAI A2A eval tool RCE
- CVE-2026-47397 - PraisonAI arbitrary file write
- CVE-2026-47407 - PraisonAI Platform workspace takeover
- CVE-2026-47413 - PraisonAI Platform member-add owner injection
- CVE-2026-47416 - PraisonAI Platform workspace owner promotion
- CVE-2026-47708 - stata-mcp log_file_name command injection
- CVE-2026-47731 - AIT-Core BSC path traversal file append
- CVE-2026-48169 - PraisonAI Platform cross-workspace IDOR
- CVE-2026-48710 - Starlette BadHost request.url path bypass
- CVE-2026-47410 - PraisonAI Platform default JWT secret
- CVE-2026-45395 - Open WebUI tool update authorization RCE
- CVE-2026-44336 - PraisonAI MCP tools/call path traversal RCE
- CVE-2026-44339 - PraisonAI unsafe tool resolution
- CVE-2026-44340 - PraisonAI recipe symlink extraction escape
- GHSA-6xcp-7mpr-m7wm - Open WebUI CORS and session RCE chain
- CVE-2026-44513 - Diffusers trust_remote_code bypass
- CVE-2026-41490 - Dagster dynamic partition SQL injection
- CVE-2026-42601 - ArchiveBox AddView config override RCE
- CVE-2026-41497 - PraisonAI MCP command injection incomplete fix
- CVE-2026-42354 - Sentry SAML SSO identity linking
- GHSA-rpm5/GHSA-x2qx - GitPython command injection
- CVE-2025-60455 - Modular Max Serve unsafe deserialization
- CVE-2026-39987 — Marimo pre-auth RCE
- CVE-2017-18342 — PyYAML default `load` resolves arbitrary tags
- Python pickle / dill on untrusted input
- PyYAML `yaml.load` without a safe Loader