MEDIUM | 6.5 | CVE-2026-45192 | EPSS 0.04% | Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response
MEDIUM | 6.5 | praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership
MEDIUM | 5.5 | PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
MEDIUM | 5.5 | PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
MEDIUM | 6.5 | BoxLite has a Timeout Bypass Vulnerability
MEDIUM | 6.5 | zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood
MEDIUM | 6.5 | zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
MEDIUM | 6.5 | zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service
MEDIUM | 5.7 | Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
MEDIUM | 5.5 | Shamefile has an arbitrary file read via shamefile.yaml in shame next
MEDIUM | 5.0 | EPSS 0.03% | local-deep-research has an SSRF bypass in `safe_get`
MEDIUM | 6.7 | compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
MEDIUM | 5.3 | EPSS 0.05% | PyJWT is a JSON Web Token implementation in Python.
MEDIUM | 5.4 | EPSS 0.01% | PyJWT is a JSON Web Token implementation in Python.
MEDIUM | 4.2 | EPSS 0.03% | PyJWT is a JSON Web Token implementation in Python.
MEDIUM | 5.5 | EPSS 0.01% | pypdf: Possible large memory usage for large offsets for layout mode text
MEDIUM | 5.5 | EPSS 0.01% | pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the install…
MEDIUM | 5.0 | EPSS 0.02% | Weblate has a Server-Side Request Forgery issue