PyPI — vulnerability landscape

Every CVE-affected package in the PyPI ecosystem, sorted by risk.

Last updated 6/4/2026, 12:34:37 PM

#	Package	CVEs	KEV	Max EPSS
1	salt	69	3	94.4%
2	langflow	23	3	92.7%
3	apache-airflow	125	2	94.3%
4	apache-superset	66	1	84.2%
5	pillow	61	1	93.3%
6	opencv-contrib-python	31	1	93.3%
7	opencv-python	31	1	93.3%
8	litellm	20	1	88.6%
9	pyspark	11	1	93.5%
10	opencv-contrib-python-headless	10	1	93.3%
11	opencv-python-headless	10	1	93.3%
12	langflow-base	5	1	92.7%
13	marimo	1	1	82.2%
14	imagecodecs	1	1	93.3%
15	telnyx	1	1	29.4%
16	tensorflow	427	—	1.5%
17	tensorflow-cpu	424	—	1.5%
18	tensorflow-gpu	421	—	1.5%
19	django	152	—	92.8%
20	plone	101	—	11.7%
21	open-webui	86	—	6.7%
22	mlflow	71	—	93.3%
23	ansible	68	—	10.1%
24	nova	53	—	87.2%
25	praisonai	50	—	0.6%
26	gradio	47	—	93.4%
27	pyload-ng	45	—	93.4%
28	matrix-synapse	44	—	13.2%
29	rdiffweb	43	—	0.7%
30	vllm	41	—	10.0%
31	moin	41	—	73.6%
32	vyper	40	—	1.5%
33	keystone	40	—	4.0%
34	weblate	33	—	1.6%
35	paddlepaddle	32	—	1.8%
36	aiohttp	32	—	93.5%
37	torch	30	—	25.1%
38	transformers	28	—	79.5%
39	pyassimp	28	—	0.3%
40	pgadmin4	28	—	92.9%
41	pypdf	24	—	0.2%
42	mindsdb	23	—	82.8%
43	glance	22	—	3.6%
44	ethyca-fides	22	—	22.2%
45	octoprint	22	—	2.2%
46	langchain	21	—	62.2%
47	lollms	20	—	17.5%
48	wagtail	20	—	1.3%
49	aim	20	—	8.4%
50	notebook	19	—	0.9%
51	praisonaiagents	19	—	0.1%
52	neutron	19	—	14.3%
53	urllib3	19	—	1.1%
54	mercurial	18	—	77.2%
55	changedetection-io	18	—	92.1%
56	cobbler	18	—	93.2%
57	calibreweb	18	—	16.4%
58	mobsf	18	—	14.8%
59	nautobot	17	—	3.0%
60	nicegui	17	—	1.4%
61	zope	16	—	1.9%
62	pycti	16	—	0.7%
63	praisonai-platform	16	—	—
64	h2o	16	—	2.9%
65	glances	16	—	6.7%
66	chuanhuchatgpt	16	—	5.4%
67	openexr	15	—	2.4%
68	cryptography	15	—	88.3%
69	sentry	15	—	4.2%
70	vantage6	15	—	6.1%
71	ckan	15	—	13.8%
72	exiv2	15	—	2.6%
73	roundup	15	—	16.5%
74	modoboa	15	—	77.8%
75	werkzeug	14	—	90.1%
76	pyftpdlib	14	—	1.0%
77	agentscope	14	—	0.9%
78	flask-appbuilder	14	—	1.0%
79	trytond	14	—	5.6%
80	twisted	14	—	67.8%
81	zenml	14	—	89.6%
82	bentoml	14	—	75.8%
83	llama-index	13	—	3.9%
84	horizon	13	—	2.9%
85	swift	12	—	5.8%
86	keras	12	—	8.0%
87	jupyter-server	12	—	1.5%
88	lunasvg	12	—	0.4%
89	nltk	12	—	10.8%
90	copyparty	11	—	89.9%
91	lief	11	—	0.6%
92	ray	11	—	92.2%
93	label-studio	11	—	70.6%
94	authlib	11	—	0.4%
95	onionshare-cli	11	—	0.7%
96	pywasm3	11	—	1.1%
97	jinja2	11	—	2.3%
98	wger	11	—	0.4%
99	indico	11	—	9.0%
100	zope2	11	—	90.5%
101	pip	11	—	39.9%
102	onnx	10	—	5.8%
103	llama-index-core	10	—	1.6%
104	kiwitcms	10	—	12.9%
105	pyjwt	10	—	1.0%
106	mistune	10	—	0.5%
107	trac	10	—	3.0%
108	apache-iotdb	10	—	3.4%
109	pretix	10	—	0.3%
110	langchain-core	9	—	13.4%
111	aubio	9	—	1.0%
112	waitress	9	—	13.3%
113	ryu	9	—	2.2%
114	python-keystoneclient	9	—	0.8%
115	cinder	9	—	3.6%
116	gitpython	9	—	68.9%
117	metagpt	9	—	0.5%
118	keylime	9	—	0.5%
119	scrapy	8	—	0.5%
120	codechecker	8	—	73.9%
121	jupyterlab	8	—	0.9%
122	requests	8	—	6.1%
123	web2py	8	—	40.8%
124	ipython	8	—	2.1%
125	homeassistant	8	—	1.1%
126	numpy	8	—	71.5%
127	dbgpt	8	—	1.8%
128	dtale	8	—	91.7%
129	sglang	8	—	1.9%
130	sagemaker	7	—	0.9%
131	matrix-sydent	7	—	1.4%
132	langchain-community	7	—	2.0%
133	pysaml2	7	—	2.1%
134	litestar	7	—	1.0%
135	tornado	7	—	1.2%
136	jupyterhub	7	—	0.5%
137	astrbot	7	—	1.1%
138	mayan-edms	7	—	1.1%
139	lxml	7	—	5.4%
140	graphite-web	7	—	91.6%
141	gdal	7	—	2.2%
142	picklescan	7	—	16.2%
143	fschat	7	—	0.9%
144	fickling	7	—	0.1%
145	executorch	7	—	0.4%
146	apache-atlas	7	—	1.9%
147	starlette	7	—	3.3%
148	tryton	7	—	5.6%
149	oauthenticator	6	—	0.7%
150	rucio-webui	6	—	0.1%
151	saleor	6	—	0.4%
152	ollama	6	—	0.6%
153	mailman	6	—	10.6%
154	openc3	6	—	4.0%
155	copier	6	—	0.1%
156	lmdeploy	6	—	8.7%
157	fastmcp	6	—	0.1%
158	pytorch-lightning	6	—	2.1%
159	langchain-chatchat	6	—	0.7%
160	paramiko	6	—	54.2%
161	ajenti-panel	6	—	0.8%
162	yt-dlp	6	—	13.0%
163	mage-ai	6	—	0.2%
164	whoogle-search	6	—	0.5%
165	apache-airflow-providers-apache-hive	6	—	31.2%
166	products-cmfplone	6	—	0.5%
167	wabt	6	—	0.1%
168	prefect	6	—	0.2%
169	guarddog	6	—	0.8%
170	grpcio	6	—	1.8%
171	bugsink	6	—	1.0%
172	mezzanine	6	—	1.8%
173	flask-cors	6	—	0.9%
174	ujson	6	—	0.3%
175	omero-web	6	—	0.6%
176	esphome	6	—	4.8%
177	snowflake-connector-python	6	—	0.5%
178	ansible-core	6	—	0.1%
179	lmdb	5	—	0.4%
180	python-multipart	5	—	3.3%
181	langroid	5	—	0.4%
182	composio-core	5	—	0.3%
183	langchain-experimental	5	—	13.4%
184	python-gnupg	5	—	21.4%
185	compliance-trestle	5	—	—
186	jwcrypto	5	—	0.4%
187	kallithea	5	—	5.3%
188	ironic	5	—	0.8%
189	pygments	5	—	7.4%
190	invokeai	5	—	44.2%
191	ait-core	5	—	0.9%
192	protobuf	5	—	0.8%
193	pyarrow	5	—	84.8%
194	poetry	5	—	0.7%
195	mesop	5	—	12.9%
196	tripleo-heat-templates	5	—	0.3%
197	torchserve	5	—	91.7%
198	flask	5	—	0.6%
199	bleach	5	—	0.6%
200	tendenci	5	—	0.7%
201	nvflare	5	—	22.4%
202	feedparser	5	—	7.2%
203	dulwich	5	—	2.8%
204	strawberry-graphql	5	—	0.2%
205	smolagents	5	—	3.1%
206	nemo-toolkit	5	—	0.3%
207	pyopenssl	5	—	2.9%
208	mitmproxy	5	—	3.6%
209	micropython-copy	4	—	0.2%
210	barbican	4	—	0.4%
211	micropython-io	4	—	0.2%
212	mcp-server-git	4	—	0.2%
213	mem0ai	4	—	0.2%
214	materialx	4	—	1.8%
215	markdown2	4	—	0.7%
216	reportlab	4	—	26.9%
217	restrictedpython	4	—	1.1%
218	mako	4	—	1.0%
219	red-discordbot	4	—	2.4%
220	llamafactory	4	—	4.2%
221	lemur	4	—	0.3%
222	pyyaml	4	—	13.7%
223	awsiotsdk	4	—	0.3%
224	lin-cms	4	—	1.2%
225	python-jose	4	—	0.9%
226	qutebrowser	4	—	0.7%
227	pypdf2	4	—	0.2%
228	asyncssh	4	—	0.4%
229	radicale	4	—	1.8%
230	clearml	4	—	82.8%
231	kedro	4	—	6.1%
232	koji	4	—	0.6%
233	setuptools	4	—	9.9%
234	xgrammar	4	—	0.4%
235	wlc	4	—	0.0%
236	zodb3	4	—	1.0%
237	indy-node	4	—	1.6%
238	pycrypto	4	—	13.6%
239	pretalx	4	—	76.8%
240	apache-airflow-core	4	—	0.1%
241	vantage6-server	4	—	0.3%
242	guardrails-ai	4	—	0.4%
243	vanna	4	—	7.5%
244	httpie	4	—	0.6%
245	vtk	4	—	0.5%
246	wasmtime	4	—	0.2%
247	buildbot	4	—	0.6%
248	geonode	4	—	0.2%
249	gerapy	4	—	78.3%
250	apache-submarine	4	—	77.1%
251	bottle	4	—	1.2%
252	freetakserver-ui	4	—	0.3%
253	frappe	4	—	0.8%
254	pandasai	4	—	5.9%
255	flask-security-too	4	—	17.1%
256	tuf	4	—	0.6%
257	apache-dolphinscheduler	4	—	2.2%
258	democritus-urls	4	—	0.5%
259	democritus-file-system	4	—	0.9%
260	streampipes	4	—	1.8%
261	motioneye	4	—	85.3%
262	ecdsa	4	—	0.6%
263	monai	4	—	2.1%
264	skops	4	—	0.4%
265	nbconvert	4	—	0.8%
266	django-unicorn	4	—	0.3%
267	django-helpdesk	4	—	0.5%
268	bbot	4	—	0.3%
269	streamlit	4	—	1.7%
270	dagster	3	—	2.2%
271	scikit-learn	3	—	0.9%
272	scipy	3	—	0.3%
273	scitokens	3	—	0.0%
274	mcp	3	—	0.2%
275	anki	3	—	3.1%
276	backend-ai	3	—	0.3%
277	rsa	3	—	3.1%
278	lxml-html-clean	3	—	0.5%
279	redshift-connector	3	—	0.9%
280	local-deep-research	3	—	0.0%
281	localstack	3	—	0.4%
282	rembg	3	—	0.1%
283	crawl4ai	3	—	0.2%
284	apache-airflow-providers-google	3	—	2.2%
285	couchbase	3	—	0.5%
286	lightrag-hku	3	—	0.1%
287	langgraph-checkpoint-sqlite	3	—	0.0%
288	langsmith	3	—	0.0%
289	python-ldap	3	—	0.2%
290	quokka	3	—	2.6%
291	avro	3	—	3.0%
292	keystonemiddleware	3	—	0.6%
293	khoj	3	—	0.9%
294	keyring	3	—	0.3%
295	admesh	3	—	0.6%
296	jupyter-server-proxy	3	—	1.1%
297	asyncua	3	—	0.5%
298	pyspector	3	—	0.0%
299	apache-airflow-providers-apache-spark	3	—	3.0%
300	ciguard	3	—	0.0%