pkg:PyPI/pycti

All known vulnerabilities

• CRITICAL9.8CVE-2026-27960OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
  >= 6.9.0, < 6.9.13
• CRITICAL9.1CVE-2025-61781OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
  from 0, < 6.8.1
• CRITICAL9.1CVE-2025-24977OpenCTI is an open cyber threat intelligence (CTI) platform.
  >= 6.4.8, < 6.4.11
• HIGH8.1OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
  from 0, < 6.9.1
• HIGH8.1OpenCTI is an open-source cyber threat intelligence platform.
  from 0, < 6.2.18
• HIGH8.1OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables.
  from 0, < 5.12.32
• HIGH7.7OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
  from 0, < 6.8.16
• HIGH7.5OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint.
  from 0, <= 3.3.1
• HIGH7.5In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint.
  from 0, < 5.3.0
• HIGH7.2OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd
  from 0, < 6.9.7
• HIGH7.2OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd
  from 0, < 6.9.7
• MEDIUM6.8OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
  from 0, < 6.5.2
• MEDIUM6.3OpenCTI is an open-source cyber threat intelligence platform.
  >= 6.4.9, < 6.4.11
• MEDIUM6.1OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
  from 0, < 7.260227.0
• MEDIUM6.1OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint.
  from 0, <= 3.3.1
• MEDIUM5.4OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables.
  from 0, < 6.6.6
• MEDIUM5.4A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4.
  from 0, < 5.3.0
• MEDIUM4.3OpenCTI is an open-source cyber threat intelligence platform.
  from 0, < 6.3.0