PyPI packages — vulnerability index
These pages aggregate every CVE that affects a given PyPI package, sourced from NVD's CPE matching.
About these pages
Each entry below links to the full CVE history for that PyPI package: severity, CVSS, KEV flag, summary, and the original NVD record. Counts update as new advisories land — typically within hours of publication. The catalog is curated and bounded to high-impact Python libraries with verified CPE mappings; expansion to Maven / crates / Go-modules follows the same shape as the existing npm and PyPI wedges.
All packages (49)
| Package | CVEs | KEV | Highest CVSS | Latest disclosed |
|---|---|---|---|---|
| TensorFlow | 404 | — | 9.8 | 2026-02-20 |
| Django | 86 | — | 9.8 | 2026-06-03 |
| Ansible | 48 | — | 9.8 | 2022-04-18 |
| Salt | 37 | — | 9.8 | 2026-01-30 |
| aiohttp | 34 | — | 7.5 | 2026-06-02 |
| MLflow | 30 | — | 10.0 | 2026-06-04 |
| Pillow | 21 | — | 9.8 | 2026-05-09 |
| Apache Airflow | 19 | — | 9.1 | 2026-06-01 |
| PyTorch | 14 | — | 8.8 | 2026-03-22 |
| Transformers | 14 | — | 9.6 | 2026-06-03 |
| jupyter-server | 13 | — | 8.8 | 2026-06-02 |
| urllib3 | 11 | — | 7.5 | 2026-05-13 |
| Werkzeug | 10 | — | 8.0 | 2026-02-21 |
| PyJWT | 9 | — | 7.5 | 2026-05-28 |
| Tornado | 9 | — | 7.5 | 2026-04-03 |
| pip | 9 | — | 5.5 | 2026-06-01 |
| JupyterLab | 8 | — | 9.6 | 2026-05-13 |
| Twisted | 8 | — | 8.3 | 2026-05-13 |
| Requests | 7 | — | 6.1 | 2026-03-25 |
| Starlette | 7 | — | 7.5 | 2026-05-26 |
| cryptography | 7 | — | 7.5 | 2026-04-08 |
| JupyterHub | 5 | — | 8.1 | 2026-05-22 |
| Flask | 4 | — | 7.5 | 2026-02-21 |
| Poetry | 4 | — | 7.3 | 2026-04-24 |
| Ray | 4 | — | 8.8 | 2026-05-08 |
| Bottle | 3 | — | 6.8 | 2021-01-18 |
| Dulwich | 3 | — | 9.8 | 2017-10-29 |
| Jinja2 | 3 | — | 5.3 | 2021-02-01 |
| PyCrypto | 3 | — | 9.8 | 2017-02-15 |
| lxml | 3 | — | 8.2 | 2026-04-24 |
| Celery | 2 | — | 7.5 | 2021-12-29 |
| FastAPI | 2 | — | 8.2 | 2024-02-05 |
| Paramiko | 2 | — | 5.9 | 2026-05-06 |
| PyYAML | 2 | — | 9.8 | 2021-02-09 |
| Pydantic | 2 | — | 5.9 | 2024-04-15 |
| Sanic | 2 | — | 8.3 | 2022-08-01 |
| setuptools | 2 | — | — | 2025-05-17 |
| virtualenv | 2 | — | 4.5 | 2026-01-10 |
| Matplotlib | 1 | — | — | 2025-06-26 |
| NumPy | 1 | — | 7.5 | 2017-08-15 |
| OAuthLib | 1 | — | 5.7 | 2022-09-09 |
| PyMongo | 1 | — | 4.7 | 2024-06-05 |
| Pyramid | 1 | — | 4.3 | 2023-08-25 |
| SQLAlchemy | 1 | — | — | 2012-06-05 |
| SciPy | 1 | — | — | 2019-11-04 |
| marshmallow | 1 | — | 5.3 | 2025-12-22 |
| pytest | 1 | — | 6.8 | 2026-01-22 |
| wheel | 1 | — | 7.1 | 2026-01-22 |
| CherryPy | 0 | — | — | — |