Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi Security Advisories
Moderate
Ecosystems: pypi
Packages: social-auth-app-django
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 3 hours ago
GSA_kwCzR0hTQS0yZ3I4LTN3YzcteGhqM84AA7Sd
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 1 day ago
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Moderate
Ecosystems: pypi
Packages: cg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
GSA_kwCzR0hTQS13MjI4LXJmcHgtZmhtNM4AA7QL
cg vulnerable to an Open Redirect Vulnerability on Referer Header
High
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 2 days ago
GSA_kwCzR0hTQS1wNzJxLWgzN2otM2hxN84AA7Pf
dbt uses a SQLparse version with a high vulnerability
Moderate
Ecosystems: pypi
Packages: apache-airflow-providers-ftp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
GSA_kwCzR0hTQS0zZ2c4LW1jODctY3EzaM4AA7OB
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
High
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 6 days ago
GSA_kwCzR0hTQS02Y2ptLTRweHctN3hwOc4AA7Lx
Sentry vulnerable to leaking superuser cleartext password in logs
Moderate
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 6 days ago
GSA_kwCzR0hTQS03Z3B3LTh3bWMtcG04Z84AA7Ls
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Critical
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerability
Moderate
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 9 days ago
GSA_kwCzR0hTQS05M2M1LXJqMnAtdzUyeM4AA7CX
Cross-site Scripting (XSS) in mindsdb/mindsdb
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 9 days ago
GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
mlflow vulnerable to Path Traversal
Moderate
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 days ago
GSA_kwCzR0hTQS1yZ3A4LXBtMjgtMzc1Oc4AA7CB
langchain vulnerable to path traversal
Critical
Ecosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 9 days ago
GSA_kwCzR0hTQS1odmo1LW12dzktOTNqM84AA7CZ
Insecure deserialization in BentoML
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 days ago
GSA_kwCzR0hTQS1tNDljLTVjNTItNjY5Ns4AA7B8
mlflow vulnerable to Path Traversal
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 days ago
GSA_kwCzR0hTQS1mNDJtLW12ZnYtY2d3Nc4AA7B7
mlflow vulnerable to Path Traversal
Moderate
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 9 days ago
GSA_kwCzR0hTQS1nM3I1LTcyaGYtcDdwMs4AA7CW
zenml Session Fixation vulnerability
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 9 days ago
GSA_kwCzR0hTQS01bXZqLXdtZ2otN3E4Y84AA7CR
mlflow vulnerable to Path Traversal
Critical
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 9 days ago
GSA_kwCzR0hTQS02aDNmLTQzdnEtNTNoas4AA7CV
Directory traversal in zenml
High
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 9 days ago
GSA_kwCzR0hTQS1nOWNqLWNmcHAtNGcyeM4AA7B5
gradio vulnerable to Path Traversal
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 days ago
GSA_kwCzR0hTQS1mODJyLWpqNXItNmc5N84AA7CM
mlflow Path Traversal vulnerability
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 9 days ago
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
High
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: 9 days ago
GSA_kwCzR0hTQS13M2gzLTRyajctNHBoNM4AA7B3
Request smuggling leading to endpoint restriction bypass in Gunicorn
High
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: 9 days ago
GSA_kwCzR0hTQS0ybTU3LWhmMjUtcGhnZ84AA7Be
sqlparse parsing heavily nested list leads to Denial of Service
High
Ecosystems: pypi
Packages: nicegui
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 12 days ago
GSA_kwCzR0hTQS1td2M3LTY0d2ctcGd2as4AA69-
NiceGUI allows potential access to local file system
Moderate
Ecosystems: pypi
Packages: magnum
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 days ago
GSA_kwCzR0hTQS1qeDd4LTlyOTgtaDV4cs4AA68u
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Moderate
Ecosystems: pypi
Packages: idna
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 13 days ago
GSA_kwCzR0hTQS1qamc3LTJ2NHYteDM4aM4AA670
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Moderate
Ecosystems: pypi
Packages: dnspython, eventlet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 13 days ago
GSA_kwCzR0hTQS0zcnE1LTJnOGgtNTloY84AA67c
Potential DoS via the Tudoor mechanism in eventlet and dnspython
High
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 14 days ago
GSA_kwCzR0hTQS05OXcyLTY3aDgtNTk0OM4AA64t
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
Critical
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Critical
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 14 days ago
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code Execution
Low
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 14 days ago
GSA_kwCzR0hTQS0zN3E1LXY1cW0tYzl2OM4AA649
Transformers Deserialization of Untrusted Data vulnerability
High
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 14 days ago
GSA_kwCzR0hTQS0zZjk1LW14cTItMmY2M84AA64H
Gradio Local File Inclusion vulnerability
Critical
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
High
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 14 days ago
GSA_kwCzR0hTQS1oanE2LTUyZ3ctMmc3cM4AA63l
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
High
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
GSA_kwCzR0hTQS12NmYzLWdoNWgtbXF3eM4AA6wV
DIRAC: Unauthorized users can read proxy contents during generation
High
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 16 days ago
GSA_kwCzR0hTQS1wMjh4LWhqNjgtN3ZmcM4AA6ug
Ryu Infinite Loop vulnerability
Moderate
Ecosystems: pypi
Packages: pymongo
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 19 days ago
GSA_kwCzR0hTQS1jcjZmLWdmNXctdmhyY84AA6rV
PyMongo Out-of-bounds Read in the bson module
High
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 20 days ago
GSA_kwCzR0hTQS0yN2p4LWZmdzgteHJxds4AA6pB
pgAdmin Remote Code Execution (RCE) vulnerability
Moderate
Ecosystems: pypi
Packages: mobsf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
GSA_kwCzR0hTQS13cGZmLXdtODQteDVjeM4AA6o4
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
High
Ecosystems: pypi
Packages: voila
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 21 days ago
GSA_kwCzR0hTQS0ycTU5LWgyNGMtdzZmZ84AA6ks
Voilà Local file inclusion
Moderate
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 22 days ago
GSA_kwCzR0hTQS00NHdtLWYyNDQteGhwM84AA6j6
Pillow buffer overflow vulnerability
High
Ecosystems: pypi
Packages: piccolo-admin
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 23 days ago
GSA_kwCzR0hTQS1wbXd3LXY2YzktN3A4M84AA6gN
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
High
Ecosystems: pypi, cargo
Packages: aliyundrive-webdav
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
GSA_kwCzR0hTQS03M3YyLXJ4cXAtN3E0Zs4AA6dc
aliyundrive-webdav vulnerable to Command Injection
Moderate
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 27 days ago
GSA_kwCzR0hTQS1tcmozLWYyaDQtN3c0Nc4AA6av
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
High
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 27 days ago
GSA_kwCzR0hTQS03cjNoLTRwaDgtdzM4Z84AA6at
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
High
Ecosystems: pypi
Packages: Lektor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
GSA_kwCzR0hTQS13djI4LTdmcHctZmo0Oc4AA6Vg
Lektor does not sanitize database path traversal
High
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: 29 days ago
GSA_kwCzR0hTQS1yMzY0LW0yajktbWY0aM4AA6Un
gradio Server-Side Request Forgery vulnerability
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 29 days ago
GSA_kwCzR0hTQS1jZmYzLTVxcnAtaHF4N84AA6TU
Apache Airflow Improper Preservation of Permissions vulnerability
Moderate
Ecosystems: pypi
Packages: langchain-core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 29 days ago
GSA_kwCzR0hTQS1xODRtLXJtdzMtNDM4Ms4AA6Si
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Low
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 30 days ago
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
High
Ecosystems: pypi
Packages: ansys-geometry-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS0zOGpyLTI5Zmgtdzl2bc4AA6RX
ansys-geometry-core OS Command Injection vulnerability
High
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: about 1 month ago
GSA_kwCzR0hTQS1qd3JjLTN2M2YtNWNxNc4AA6Ph
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
High
Ecosystems: pypi
Packages: mobsfscan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS13ZmdqLXdyZ2gtaDNyM84AA6PP
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
GSA_kwCzR0hTQS0zeDlnLXhmajUtZnE4NM4AA6Nf
Cross-Site Request Forgery in Gradio
High
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 1 month ago
GSA_kwCzR0hTQS01OTI1LTg4eGgtNmg5Oc4AA6NN
ESPHome vulnerable to Authentication bypass via Cross site request forgery
High
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 month ago
GSA_kwCzR0hTQS01NW0zLTQ0eGYtaGc0aM4AA6LI
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
Moderate
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
GSA_kwCzR0hTQS14NHg1LWp2M3gtOWM3bc4AA6LF
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Low
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtime
Critical
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 month ago
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authentication
Moderate
Ecosystems: pypi
Packages: black
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 1 month ago
GSA_kwCzR0hTQS1majd4LXE5ajctZzZxNs4AA6He
Black vulnerable to Regular Expression Denial of Service (ReDoS)
High
Ecosystems: pypi
Packages: wiki
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: about 1 month ago
GSA_kwCzR0hTQS13ajg1LXc0ZjQteGg4aM4AA6Gp
Denial of service via regular expression
Moderate
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
GSA_kwCzR0hTQS14N21mLXdyaDktcjc2Y84AA6Gj
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
High
Ecosystems: pypi
Packages: astropy
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 1 month ago
GSA_kwCzR0hTQS1oMng2LTVqeDUtNDZoZs4AA6Gg
RCE in TranformGraph().to_dot_graph function
Moderate
Ecosystems: pypi
Packages: yaql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg
Information leakage in YAQL
Moderate
Ecosystems: pypi
Packages: djangorestframework-simplejwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS01dmNjLTg2d20tNTQ3cc4AA6DQ
Improper Privilege Management in djangorestframework-simplejwt
Low
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Low
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable Initialization
Moderate
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 1 month ago
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA token
Moderate
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 1 month ago
GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
vantage6's CORS settings overly permissive
Moderate
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS1waGc2LTQ0bTctaHgzaM4AA6AX
Whoogle Search Cross-site Scripting vulnerability
Critical
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerability
Moderate
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS1oaDJxLXF2NjYtamNxZ84AA6AZ
Whoogle Search Path Traversal vulnerability
Critical
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerability
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Moderate
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 month ago
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smuggling
Moderate
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
GSA_kwCzR0hTQS04ZzM4LTNtNnYtMjMyas4AA58k
Potential log injection in reset user endpoint in CKAN
High
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 1 month ago
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
High
Ecosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 months ago
GSA_kwCzR0hTQS0zNWpqLXd4NDctNHc4cs4AA52-
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Moderate
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS14aGp3LTd2aDUtcXhxbc4AA522
LibOSDP RMAC revert to the beginning of the session
Moderate
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS03OTQ1LTVtY3YtZjJwcM4AA521
LibOSDP vulnerable to a null pointer deref in osdp_reply_name
Moderate
Ecosystems: pypi
Packages: django-markdownx
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 2 months ago
GSA_kwCzR0hTQS1mdng4LTc5aHgteDgyZs4AA520
Django MarkdownX Cross-Site Scripting (XSS) vulnerability
Critical
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 months ago
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 2 months ago
GSA_kwCzR0hTQS0ycnA4LWhmZjktYzV3cs4AA50x
PaddlePaddle Path Traversal vulnerability
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 2 months ago
GSA_kwCzR0hTQS1tcm1tLXFtcmoteGdwNs4AA50i
PaddlePaddle vulnerable to remote code execution
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
GSA_kwCzR0hTQS1xcXYyLTM1cTgtcDJnMs4AA50P
PaddlePaddle command injection in paddle.utils.download._wget_download
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
GSA_kwCzR0hTQS1maDU0LTN2aGctbXBjMs4AA5z7
PaddlePaddle command injection vulnerability
Moderate
Ecosystems: pypi
Packages: jwcrypto
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 months ago
GSA_kwCzR0hTQS1qODU3LTdydnYtdmo5N84AA5zv
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
High
Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 2 months ago
GSA_kwCzR0hTQS1oNWNnLTUzZzctZ3Fqd84AA5zS
RPyC's missing security check results in code execution when using numpy.array on the server-side.
Moderate
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 2 months ago
GSA_kwCzR0hTQS05cDQzLWhqNWotOTZoNc4AA5zH
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Moderate
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS14ZzVwLTh3ZzUtcmh4bc4AA5yI
Phone information disclosure vulnerability
Moderate
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS0zcXdjLTQ3amYtNXJmN84AA5xT
eth-abi is vulnerable to recursive DoS
Low
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerability
High
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 2 months ago
GSA_kwCzR0hTQS04cDI1LTNxNDYtOHEycM4AA5sM
ESPHome vulnerable to remote code execution via arbitrary file write
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 months ago
GSA_kwCzR0hTQS1wY2Z4LWcyajItZjZmNs4AA5qg
Docassemble HTML and javascript injection
Moderate
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 months ago
GSA_kwCzR0hTQS03d3hmLXIycXYtOXh3cs4AA5qf
Docassemble open redirect
High
Ecosystems: pypi
Packages: docassemble.base, docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 months ago
GSA_kwCzR0hTQS1qcTU3LTN3N3Atdnd2ds4AA5qh
Docassemble unauthorized access through URL manipulation
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS02djZ3LWg4bTYtN212Ms4AA5qK
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS0yMmNjLXc3eG0tcmZoeM4AA5l7
Mezzanine allows attackers to bypass access controls via manipulating the Host header
Moderate
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1xcDU2LTgydnAteHFnds4AA5l8
Mezzanine allows attackers to bypass access control mechanisms
Statistics
Advisories: 17,930
Packages: 8,207
Repositories: 730
Ecosystems: 12