pkg:PyPI/pycti
16 total CVEs: CRITICAL 3, HIGH 7, MEDIUM 6
All known vulnerabilities
- CRITICAL 9.8 | CVE-2026-27960 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. | >= 6.9.0, < 6.9.13
- CRITICAL 9.1 | CVE-2025-61781 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. | from 0, < 6.8.1
- >= 6.4.8, < 6.4.11
- HIGH 8.1 | CVE-2026-21886 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. | from 0, < 6.9.1
- from 0, < 6.2.18
- HIGH 8.1 | CVE-2024-26139 | OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. | from 0, < 5.12.32
- HIGH 7.7 | CVE-2026-21887 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. | from 0, < 6.8.16
- HIGH 7.5 | CVE-2020-37041 | OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. | from 0, <= 3.3.1
- HIGH 7.5 | CVE-2022-30290 | In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. | from 0, < 5.3.0
- HIGH 7.2 | CVE-2026-44730 | OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd | from 0, < 6.9.7
- MEDIUM 6.8 | CVE-2025-26621 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. | from 0, < 6.5.2
- >= 6.4.9, < 6.4.11
- MEDIUM 6.1 | CVE-2020-37044 | OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. | from 0, <= 3.3.1
- MEDIUM 5.4 | CVE-2025-46732 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. | from 0, < 6.6.6
- MEDIUM 5.4 | CVE-2022-30289 | A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. | from 0, < 5.3.0
- from 0, < 6.3.0