Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi Security Advisories
Loading...
High
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: about 2 months ago
GSA_kwCzR0hTQS1qd3JjLTN2M2YtNWNxNc4AA6Ph
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_fileEcosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: about 2 months ago
High
Ecosystems: pypi
Packages: mobsfscan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS13ZmdqLXdyZ2gtaDNyM84AA6PP
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)Ecosystems: pypi
Packages: mobsfscan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 months ago
GSA_kwCzR0hTQS0zeDlnLXhmajUtZnE4NM4AA6Nf
Cross-Site Request Forgery in GradioEcosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 months ago
High
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 2 months ago
GSA_kwCzR0hTQS01OTI1LTg4eGgtNmg5Oc4AA6NN
ESPHome vulnerable to Authentication bypass via Cross site request forgeryEcosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 2 months ago
High
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 2 months ago
GSA_kwCzR0hTQS01NW0zLTQ0eGYtaGc0aM4AA6LI
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspaceEcosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 months ago
GSA_kwCzR0hTQS14NHg1LWp2M3gtOWM3bc4AA6LF
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary codeEcosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 months ago
Low
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtimeEcosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
Critical
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 months ago
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authenticationEcosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 months ago
Moderate
Ecosystems: pypi
Packages: black
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 2 months ago
GSA_kwCzR0hTQS1majd4LXE5ajctZzZxNs4AA6He
Black vulnerable to Regular Expression Denial of Service (ReDoS)Ecosystems: pypi
Packages: black
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 2 months ago
High
Ecosystems: pypi
Packages: wiki
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 2 months ago
GSA_kwCzR0hTQS13ajg1LXc0ZjQteGg4aM4AA6Gp
Denial of service via regular expressionEcosystems: pypi
Packages: wiki
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 2 months ago
GSA_kwCzR0hTQS14N21mLXdyaDktcjc2Y84AA6Gj
XSS via the "Snapshot Test" feature in Classic Webcam plugin settingsEcosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 2 months ago
High
Ecosystems: pypi
Packages: astropy
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 2 months ago
GSA_kwCzR0hTQS1oMng2LTVqeDUtNDZoZs4AA6Gg
RCE in TranformGraph().to_dot_graph functionEcosystems: pypi
Packages: astropy
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: yaql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg
Information leakage in YAQLEcosystems: pypi
Packages: yaql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: djangorestframework-simplejwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS01dmNjLTg2d20tNTQ3cc4AA6DQ
Improper Privilege Management in djangorestframework-simplejwtEcosystems: pypi
Packages: djangorestframework-simplejwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in DjangoEcosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable InitializationEcosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA tokenEcosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 2 months ago
GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
vantage6's CORS settings overly permissiveEcosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 2 months ago
Critical
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerabilityEcosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1oaDJxLXF2NjYtamNxZ84AA6AZ
Whoogle Search Path Traversal vulnerabilityEcosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1waGc2LTQ0bTctaHgzaM4AA6AX
Whoogle Search Cross-site Scripting vulnerabilityEcosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerabilityEcosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow PermissionEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 2 months ago
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smugglingEcosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 2 months ago
GSA_kwCzR0hTQS04ZzM4LTNtNnYtMjMyas4AA58k
Potential log injection in reset user endpoint in CKANEcosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 2 months ago
High
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 2 months ago
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL ServerEcosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 2 months ago
High
Ecosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 2 months ago
GSA_kwCzR0hTQS0zNWpqLXd4NDctNHc4cs4AA52-
WeasyPrint allows the attachment of arbitrary files and URLs to a PDFEcosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS14aGp3LTd2aDUtcXhxbc4AA522
LibOSDP RMAC revert to the beginning of the sessionEcosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS03OTQ1LTVtY3YtZjJwcM4AA521
LibOSDP vulnerable to a null pointer deref in osdp_reply_nameEcosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: django-markdownx
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 2 months ago
GSA_kwCzR0hTQS1mdng4LTc5aHgteDgyZs4AA520
Django MarkdownX Cross-Site Scripting (XSS) vulnerabilityEcosystems: pypi
Packages: django-markdownx
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 2 months ago
Critical
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 2 months ago
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated userEcosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 2 months ago
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: 2 months ago
GSA_kwCzR0hTQS0ycnA4LWhmZjktYzV3cs4AA50x
PaddlePaddle Path Traversal vulnerabilityEcosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: 2 months ago
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 2 months ago
GSA_kwCzR0hTQS1tcm1tLXFtcmoteGdwNs4AA50i
PaddlePaddle vulnerable to remote code executionEcosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 2 months ago
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 2 months ago
GSA_kwCzR0hTQS1xcXYyLTM1cTgtcDJnMs4AA50P
PaddlePaddle command injection in paddle.utils.download._wget_downloadEcosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 2 months ago
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 2 months ago
GSA_kwCzR0hTQS1maDU0LTN2aGctbXBjMs4AA5z7
PaddlePaddle command injection vulnerabilityEcosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: jwcrypto
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: 2 months ago
GSA_kwCzR0hTQS1qODU3LTdydnYtdmo5N84AA5zv
JWCrypto vulnerable to JWT bomb Attack in `deserialize` functionEcosystems: pypi
Packages: jwcrypto
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: 2 months ago
High
Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 2 months ago
GSA_kwCzR0hTQS1oNWNnLTUzZzctZ3Fqd84AA5zS
RPyC's missing security check results in code execution when using numpy.array on the server-side.Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 2 months ago
GSA_kwCzR0hTQS05cDQzLWhqNWotOTZoNc4AA5zH
esphome vulnerable to stored Cross-site Scripting in edit configuration file APIEcosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS14ZzVwLTh3ZzUtcmh4bc4AA5yI
Phone information disclosure vulnerabilityEcosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS0zcXdjLTQ3amYtNXJmN84AA5xT
eth-abi is vulnerable to recursive DoSEcosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerabilityEcosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 3 months ago
GSA_kwCzR0hTQS04cDI1LTNxNDYtOHEycM4AA5sM
ESPHome vulnerable to remote code execution via arbitrary file writeEcosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers usersEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 3 months ago
GSA_kwCzR0hTQS1wY2Z4LWcyajItZjZmNs4AA5qg
Docassemble HTML and javascript injectionEcosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 3 months ago
GSA_kwCzR0hTQS03d3hmLXIycXYtOXh3cs4AA5qf
Docassemble open redirectEcosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 3 months ago
High
Ecosystems: pypi
Packages: docassemble.base, docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
GSA_kwCzR0hTQS1qcTU3LTN3N3Atdnd2ds4AA5qh
Docassemble unauthorized access through URL manipulationEcosystems: pypi
Packages: docassemble.base, docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS02djZ3LWg4bTYtN212Ms4AA5qK
Apache Airflow: DAG Code and Import Error Permissions IgnoredEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1xcDU2LTgydnAteHFnds4AA5l8
Mezzanine allows attackers to bypass access control mechanismsEcosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS0yMmNjLXc3eG0tcmZoeM4AA5l7
Mezzanine allows attackers to bypass access controls via manipulating the Host headerEcosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 3 months ago
GSA_kwCzR0hTQS1qMnB3LXZwNTUtZnFxas4AA5l1
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenIDEcosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
GSA_kwCzR0hTQS1mcXhqLTQ2d2ctOXY4NM4AA5l0
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 3 months ago
GSA_kwCzR0hTQS0zdjlyLTg4NWotNzYyZ84AA5lb
Apache Superset: Improper authorization validation on dashboards and charts importEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: 3 months ago
GSA_kwCzR0hTQS13cjZnLTl3Y3ItY21xas4AA5le
Apache Superset: Improper data authorization when creating a new datasetEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 3 months ago
GSA_kwCzR0hTQS1tNmptLTN2MzgtNzZqNM4AA5la
Apache Superset: Improper Neutralization of custom SQL on embedded contextEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 3 months ago
GSA_kwCzR0hTQS01NDc0LWY3ZzUtMjczcc4AA5ld
Apache Superset: Improper validation of SQL statements allows for unauthorized access to dataEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 3 months ago
GSA_kwCzR0hTQS1oN3I2LThxbW0taGo1cs4AA5lZ
Apache Superset: Improper error handling on alertsEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS12ZjdqLWNtcmotcG1tbc4AA5iJ
ZenML Server Remote Privilege Escalation VulnerabilityEcosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: diffoscope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-
diffoscope Path Traversal vulnerabilityEcosystems: pypi
Packages: diffoscope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
GSA_kwCzR0hTQS00aHdxLTRjcG0tOHZteM4AA5gr
Vyper's `extract32` can ready dirty memoryEcosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
GSA_kwCzR0hTQS05cDhyLTR4cDQtZ3c1d84AA5gq
Vyper's `_abi_decode` vulnerable to Memory OverflowEcosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
Ecosystems: pypi
Packages: pypop-genomics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1wNG01LTMycHItMmhxcs4AA5gm
PyPop C extensions possible vulnerability: missing arguments and redundant null pointersEcosystems: pypi
Packages: pypop-genomics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS12OHZqLWN2MjctaGp2OM4AA5gM
LangChain Experimental vulnerable to arbitrary code executionEcosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
Ecosystems: pypi
Packages: orjson
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 3 months ago
GSA_kwCzR0hTQS1wd3IyLTR2MzYtNnFwcs4AA5gF
orjson does not limit recursion for deeply nested JSON documentsEcosystems: pypi
Packages: orjson
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS02NzJyLTk3cjctdngycc4AA5gJ
pretix mishandles file validationEcosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 3 months ago
GSA_kwCzR0hTQS1oOWo3LTV4dmMtcWhnNc4AA5fj
langchain Server-Side Request Forgery vulnerabilityEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 3 months ago
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 3 months ago
GSA_kwCzR0hTQS02NzQ5LW01Y3AtNmNnN84AA5e2
Cross-site Scripting in MLFlowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 3 months ago
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 3 months ago
GSA_kwCzR0hTQS0zdjc5LXE3cGgtajc1aM4AA5e3
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code ExecutionEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 3 months ago
High
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: 3 months ago
GSA_kwCzR0hTQS13aGg4LWZqZ2MtcXA3M84AA5ep
Onnx Directory Traversal vulnerabilityEcosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 3 months ago
GSA_kwCzR0hTQS1oOHd2LTloOTYtbTRocs4AA5eq
Onnx Out-of-bounds Read vulnerabilityEcosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 3 months ago
GSA_kwCzR0hTQS1obXg2LXI3NmMtODVnOc4AA5du
Gradio apps vulnerable to timing attacks to guess passwordEcosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
GSA_kwCzR0hTQS02eHY5LTk1N2otcWZoZ84AA5dt
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling configEcosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
High
Ecosystems: pypi
Packages: pypqc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1yYzRwLXAzajktNjU3N84AA5ds
pypqc private key retrieval vulnerabilityEcosystems: pypi
Packages: pypqc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
Ecosystems: pypi
Packages: mjml
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
GSA_kwCzR0hTQS01NzhwLWZ4bW0tNjIyOc4AA5dr
Potentially untrusted input is rendered as HTML in final outputEcosystems: pypi
Packages: mjml
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
High
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 3 months ago
GSA_kwCzR0hTQS02dnF3LTN2NWotNTR4NM4AA5bN
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash overrideEcosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 3 months ago
GSA_kwCzR0hTQS12Z3Y4LTVjcGotcWoyZs4AA5bL
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_stringEcosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 3 months ago
High
Ecosystems: pypi
Packages: cbor2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 3 months ago
GSA_kwCzR0hTQS0zNzVnLTM5anEtdnE3bc4AA5Zw
Potential buffer overflow in CBOR2 decoderEcosystems: pypi
Packages: cbor2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 3 months ago
High
Ecosystems: pypi
Packages: apache-airflow-providers-mongo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS14NXBtLWgzM3EtY2pyd84AA5Zl
Improper Certificate Validation in apache airflow mongo hookEcosystems: pypi
Packages: apache-airflow-providers-mongo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
Ecosystems: pypi
Packages: pyhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 3 months ago
GSA_kwCzR0hTQS1wM3J2LXFqNTYtMmZxeM4AA5YM
Cross-site Scripting in Pyhtml2pdfEcosystems: pypi
Packages: pyhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 3 months ago
Low
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS03N2hoLTQzY20tdjhqNs4AA5V2
tuf's Metadata API: Targets.get_delegated_role() is missing input validationEcosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
GSA_kwCzR0hTQS03ajdtLXY3bTMtanFtN84AA5Vh
Scrapy decompression bomb vulnerabilityEcosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
High
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
GSA_kwCzR0hTQS1jdzlqLXEzdmYtaHJyds4AA5Ui
Scrapy authorization header leakage on cross-domain redirectEcosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
High
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
GSA_kwCzR0hTQS1jYzY1LXh4dmYtZjdyOc4AA5UB
Scrapy vulnerable to ReDoS via XMLFeedSpiderEcosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
High
Ecosystems: pypi
Packages: starlette, fastapi, python-multipart
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 3 months ago
GSA_kwCzR0hTQS0yanY1LTlyODgtM3czcM4AA5N5
python-multipart vulnerable to Content-Type Header ReDoSEcosystems: pypi
Packages: starlette, fastapi, python-multipart
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 3 months ago
Low
Ecosystems: pypi
Packages: vng-api-common-utrecht, vng-api-common, commonground-api-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1jNGNtLXI5ZmgtamdqOc4AA5ML
commonground-api-common unexploitable privilege escalation in JWT authentication middlewareEcosystems: pypi
Packages: vng-api-common-utrecht, vng-api-common, commonground-api-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: nonebot2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message TemplatesEcosystems: pypi
Packages: nonebot2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
High
Ecosystems: pypi
Packages: kinto-attachment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 3 months ago
GSA_kwCzR0hTQS1odnA0LXZydjItOHdycc4AA5Kn
Kinto Attachment's attachments can be replaced on read-only recordsEcosystems: pypi
Packages: kinto-attachment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS01OXFqLWpjanYtNjYyas4AA5Kb
DIRAC's TokenManager does not check permissions on cached tokensEcosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: Products.SQLAlchemyDA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1yM2pjLTNxbW0tdzNwd84AA5JJ
SQLAlchemyDA unauthenticated arbitrary SQL query executionEcosystems: pypi
Packages: Products.SQLAlchemyDA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
GSA_kwCzR0hTQS01MnhxLWo3djktdjR2Ms4AA5JI
Vyper array negative index vulnerabilityEcosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 3 months ago
GSA_kwCzR0hTQS14eGo5LWY2cnYtbTN4NM4AA5IP
Django denial-of-service attack in the intcomma template filterEcosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 3 months ago
High
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
GSA_kwCzR0hTQS1tOTVoLXA0Z2ctd2Z3M84AA5Hc
Allegro AI ClearML path traversal vulnerabilityEcosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
High
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
GSA_kwCzR0hTQS1jcGN3LTloOW0td3F3Oc4AA5Hb
Allegro AI ClearML vulnerable to deserialization of untrusted dataEcosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
GSA_kwCzR0hTQS1oMjRyLW05cWMtcHZwZ84AA5HT
Ansible-core information disclosure flawEcosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 months ago
GSA_kwCzR0hTQS1ndnF2LWg3aGgtNmZjY84AA5F-
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB InstanceEcosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 months ago
High
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 3 months ago
GSA_kwCzR0hTQS1mM2g5LThwaGMtNmd2aM4AA5F4
Gradio Path Traversal vulnerabilityEcosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1nM2NtLXFnMnYtMmhqNc4AA5Ev
pyLoad open redirect vulnerability due to improper validation of the is_safe_url functionEcosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 3 months ago
GSA_kwCzR0hTQS0zd3c0LWdnNGYtanI3Zs4AA5Eq
Python Cryptography package vulnerable to Bleichenbacher timing oracle attackEcosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 3 months ago
Moderate
Ecosystems: pypi
Packages: m2crypto
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
GSA_kwCzR0hTQS05NDRqLThjaDYtcmY2eM4AA5Ep
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657Ecosystems: pypi
Packages: m2crypto
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
Low
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
GSA_kwCzR0hTQS02ODQ1LXh3MjItZmZ4ds4AA5Ef
Vyper sha3 codegen bugEcosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 4 months ago
GSA_kwCzR0hTQS1ncDN3LTJ2Mm0tcDY4Ns4AA5Bo
Vyper's external calls can overflow return data to return input bufferEcosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 4 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
tensorflow
432
tensorflow-cpu
387
tensorflow-gpu
384
django
80
apache-airflow
78
ansible
63
salt
53
Plone
52
apache-superset
49
nova
45
plone
43
rdiffweb
42
Pillow
41
vyper
38
matrix-synapse
35
moin
34
mlflow
33
Django
30
opencv-python
30
opencv-contrib-python
30
keystone
30
langchain
18
glance
18
mercurial
17
PaddlePaddle
17
cobbler
17
pillow
16
neutron
16
cryptography
15
paddlepaddle
15
gradio
15
notebook
15
modoboa
14
pyftpdlib
14
pyload-ng
14
OctoPrint
13
vantage6
12
swift
12
aiohttp
11
onionshare-cli
11
twisted
11
calibreweb
11
urllib3
11
horizon
11
wagtail
10
trytond
10
Flask-AppBuilder
10
ethyca-fides
9
zope
9
waitress
9
Zope
9
kiwitcms
9
opencv-contrib-python-headless
9
opencv-python-headless
9
ryu
9
roundup
9
nautobot
9
label-studio
8
cinder
8
trac
8
numpy
8
aubio
8
python-keystoneclient
8
scrapy
7
pgadmin4
7
jupyter-server
7
ipython
7
lief
7
matrix-sydent
7
pysaml2
7
pip
7
inventree
6
mindsdb
6
sentry
6
apache-airflow-providers-apache-hive
6
Zope2
6
tuf
6
web2py
6
lxml
6
graphite-web
6
mailman
6
Moin
6
feedparser
5
python-gnupg
5
bleach
5
Products.CMFPlone
5
saleor
5
paramiko
5
pyspark
5
Jinja2
5
requests
5
lmdb
5
whoogle-search
5
ckan
5
barbican
4
tripleo-heat-templates
4
starlette
4
Scrapy
4
jupyterhub
4
oauthenticator
4
httpie
4
keylime
4
FreeTAKServer-UI
4
PyPDF2
4
omero-web
4
transformers
4
grpcio
4
markdown2
4
qutebrowser
4
grpc
4
tornado
4
werkzeug
4
yt-dlp
4
nvflare
4
nltk
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
datasette
4
esphome
4
Keystone
4
GitPython
4
Radicale
4
reportlab
4
aws-iot-device-sdk-v2
4
ansible-core
4
jwcrypto
4
Pygments
4
Werkzeug
4
buildbot
4
pretix
4
bottle
4
awsiotsdk
4
Flask-Security-Too
4
ecdsa
3
ujson
3
ray
3
Weblate
3
ajenti
3
asyncssh
3
pyarrow
3
Kallithea
3
sanic
3
changedetection.io
3
sosreport
3
flask
3
io.grpc:grpc-protobuf
3
onnx
3
sickrage
3
Mezzanine
3
mistune
3
openvpn-monitor
3
streamlit
3
copyparty
3
Nova
3
indy-node
3
aim
3
localstack
3
mayan-edms
3
pandasai
3
poetry
3
protobuf
3
gerapy
3
bitlyshortener
3
indico
3
jupyterlab
3
pywasm3
3
python-jose
3
keyring
3
wger
3
asyncua
3
apache-iotdb
3
Products.PluggableAuthService
3
rsa
3
fava
3
keystonemiddleware
3
pyyaml
3
apache-airflow-providers-apache-spark
3
docassemble.webapp
3
quokka
3
clearml
3
SQLAlchemy
3
dulwich
3
django-helpdesk
3
ansible-runner
3
slixmpp
3
sqlparse
3
octavia
3
homeassistant
3
torchserve
3
pycrypto
3
apache-libcloud
3
plone.supermodel
3
plone.app.dexterity
3
plone.app.event
3
zenml
3
mitmproxy
3
httplib2
3
plone.app.theming
3
django-unicorn
2
piccolo
2
cabot
2
Filter by Repository
https://github.com/tensorflow/tensorflow
432
https://github.com/django/django
94
https://github.com/apache/airflow
90
https://github.com/ansible/ansible
53
https://github.com/python-pillow/Pillow
52
https://github.com/ikus060/rdiffweb
42
https://github.com/vyperlang/vyper
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/openstack/nova
36
https://github.com/matrix-org/synapse
32
https://github.com/saltstack/salt
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/opencv/opencv
28
https://github.com/openstack/keystone
27
https://github.com/mlflow/mlflow
27
https://github.com/cobbler/cobbler
14
https://github.com/langchain-ai/langchain
14
https://github.com/vantage6/vantage6
14
https://github.com/pyca/cryptography
14
https://github.com/pyload/pyload
14
https://github.com/gradio-app/gradio
14
https://github.com/modoboa/modoboa
13
https://github.com/twisted/twisted
12
https://github.com/aio-libs/aiohttp
11
https://github.com/urllib3/urllib3
11
https://github.com/onionshare/onionshare
11
https://github.com/scrapy/scrapy
11
https://github.com/janeczku/calibre-web
11
https://github.com/jupyter/notebook
10
https://github.com/openstack/glance
10
https://github.com/dpgaspar/Flask-AppBuilder
10
https://github.com/zopefoundation/Zope
10
https://github.com/wagtail/wagtail
10
https://github.com/apache/superset
9
https://github.com/nautobot/nautobot
9
https://github.com/pgadmin-org/pgadmin4
9
https://github.com/Pylons/waitress
9
https://github.com/giampaolo/pyftpdlib
9
https://github.com/faucetsdn/ryu
9
https://github.com/openstack/horizon
9
https://github.com/ethyca/fides
9
https://github.com/kiwitcms/Kiwi
8
https://github.com/ipython/ipython
8
https://github.com/numpy/numpy
8
https://github.com/octoprint/octoprint
8
https://github.com/openstack/neutron
7
https://github.com/lief-project/LIEF
7
https://sourceforge.net/projects/sourceforge.net
7
https://github.com/aubio/aubio
7
https://github.com/openstack/swift
7
https://github.com/lxml/lxml
6
https://github.com/OctoPrint/OctoPrint
6
https://github.com/jupyter-server/jupyter_server
6
https://github.com/pypa/pip
6
https://github.com/openstack/cinder
6
https://github.com/HumanSignal/label-studio
6
https://github.com/graphite-project/graphite-web
6
https://github.com/matrix-org/sydent
6
https://github.com/getsentry/sentry
6
https://github.com/mindsdb/mindsdb
6
https://github.com/pallets/werkzeug
6
https://github.com/mozilla/bleach
5
https://github.com/hwchase17/langchain
5
https://github.com/benbusby/whoogle-search
5
https://github.com/TeamSeri0us/pocs
5
https://github.com/gitpython-developers/GitPython
5
https://github.com/tryton/trytond
5
https://github.com/keylime/keylime
5
https://github.com/ckan/ckan
4
https://github.com/Flask-Middleware/flask-security
4
https://github.com/esphome/esphome
4
https://github.com/latchset/jwcrypto
4
https://github.com/FreeTAKTeam/UI
4
https://github.com/NVIDIA/NVFlare
4
https://github.com/qutebrowser/qutebrowser
4
https://github.com/py-pdf/pypdf
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/rohe/pysaml2
4
https://github.com/huggingface/transformers
4
https://github.com/ronf/asyncssh
4
https://github.com/simonw/datasette
4
https://github.com/grpc/grpc
4
https://github.com/bottlepy/bottle
4
https://github.com/psf/requests
4
https://github.com/saleor/saleor
4
https://github.com/jhpyle/docassemble
4
https://github.com/yt-dlp/yt-dlp
4
https://github.com/inventree/InvenTree
4
https://github.com/WeblateOrg/weblate
4
https://github.com/web2py/web2py
4
https://github.com/Kozea/Radicale
4
https://github.com/tornadoweb/tornado
4
https://github.com/pallets/jinja
4
https://github.com/jupyterhub/oauthenticator
4
https://sourceforge.net/projects/roject
3
https://github.com/gventuri/pandas-ai
3
https://gitlab.com/mayan-edms/mayan-edms
3
https://github.com/trentm/python-markdown2
3
https://github.com/pygments/pygments
3
https://github.com/MobSF/Mobile-Security-Framework-MobSF
3
https://github.com/ansible/ansible-runner
3
https://github.com/pyca/pyopenssl
3
https://github.com/home-assistant/core
3
https://github.com/ome/omero-web
3
https://github.com/djblets/djblets
3
https://github.com/pretix/pretix
3
https://github.com/indico/indico
3
https://github.com/beancount/fava
3
https://github.com/furlongm/openvpn-monitor
3
https://github.com/moinwiki/moin-1.9
3
https://github.com/github/securitylab
3
https://github.com/pytorch/serve
3
https://github.com/nltk/nltk
3
https://github.com/wasm3/wasm3
3
https://github.com/python/cpython
3
https://github.com/Cog-Creators/Red-DiscordBot
3
https://github.com/jupyterlab/jupyterlab
3
https://github.com/jupyterhub/jupyterhub
3
https://github.com/Gerapy/Gerapy
3
https://github.com/mitmproxy/mitmproxy
3
https://github.com/rochacbruno/quokka
3
https://github.com/openstack/octavia
3
https://github.com/andialbrecht/sqlparse
3
https://github.com/encode/starlette
3
https://github.com/pypa/advisory-db
3
https://github.com/run-llama/llama_index
3
https://github.com/openstack/python-keystoneclient
3
https://github.com/dlitz/pycrypto
3
https://github.com/mpdavis/python-jose
3
https://github.com/pallets/flask
3
https://github.com/lepture/mistune
3
https://github.com/sqlalchemy/sqlalchemy
3
https://github.com/hyperledger/indy-node
3
https://github.com/9001/copyparty
3
https://github.com/theupdateframework/python-tuf
3
https://github.com/yaml/pyyaml
3
https://github.com/sosreport/sos
3
https://github.com/django-helpdesk/django-helpdesk
3
https://github.com/dgtlmoon/changedetection.io
3
https://github.com/theupdateframework/tuf
3
https://github.com/onnx/onnx
3
https://github.com/impredicative/bitlyshortener
3
https://github.com/IdentityPython/pysaml2
3
https://github.com/httplib2/httplib2
3
https://github.com/poezio/slixmpp
3
https://github.com/streamlit/streamlit
3
https://github.com/paramiko/paramiko
3
https://github.com/zenml-io/zenml
3
https://github.com/ethereum/eth-abi
2
https://github.com/openstack/magnum
2
https://github.com/mirumee/saleor
2
https://github.com/petl-developers/petl
2
https://github.com/executablebooks/markdown-it-py
2
https://github.com/pytest-dev/py
2
https://github.com/piccolo-orm/piccolo
2
https://github.com/eventlet/eventlet
2
https://github.com/MirahezeBots/sopel-channelmgnt
2
https://github.com/embedchain/embedchain
2
https://github.com/python-imaging/Pillow
2
https://github.com/python-ldap/python-ldap
2
https://github.com/facebookresearch/ParlAI
2
https://github.com/python-poetry/poetry
2
https://github.com/clinical-genomics/scout
2
https://github.com/DIRACGrid/DIRAC
2
https://github.com/encode/uvicorn
2
https://github.com/pretalx/pretalx
2
https://github.com/django-wiki/django-wiki
2
https://github.com/protocolbuffers/protobuf
2
https://github.com/mongodb/mongo-python-driver
2
https://github.com/OpenZeppelin/cairo-contracts
2
https://github.com/dask/distributed
2
https://github.com/DataDog/guarddog
2
https://github.com/moggers87/django-sendfile2
2
https://github.com/openstack/tripleo-heat-templates
2
https://github.com/Netflix/lemur
2
https://github.com/cure53/DOMPurify
2
https://github.com/plone/Products.ATContentTypes
2
https://github.com/pyinstaller/pyinstaller
2
https://github.com/corydolphin/flask-cors
2
https://github.com/plone/plone.restapi
2
https://github.com/openstack/barbican
2
https://github.com/dbt-labs/dbt-core
2
https://github.com/FreeTAKTeam/FreeTakServer
2
https://github.com/geopython/OWSLib
2
https://github.com/openstack/ossa
2
https://github.com/FreeOpcUa/opcua-asyncio
2
https://github.com/nexB/scancode.io
2
https://github.com/devsnd/cherrymusic
2
https://github.com/NVIDIA/NeMo
2
https://github.com/Legrandin/pycryptodome
2
https://github.com/stchris/untangle
2
https://github.com/warner/python-ecdsa
2
https://github.com/starkbank/ecdsa-python
2
https://github.com/aws/aws-encryption-sdk-cli
2
https://github.com/snowflakedb/snowflake-connector-python
2
https://github.com/jupyterhub/jupyter-server-proxy
2
https://github.com/aws/sagemaker-python-sdk
2
https://github.com/simplegeo/python-oauth2
2
https://github.com/httpie/httpie
2