Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi Security Advisories
Moderate
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS14aGp3LTd2aDUtcXhxbc4AA522
LibOSDP RMAC revert to the beginning of the session
Moderate
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS03OTQ1LTVtY3YtZjJwcM4AA521
LibOSDP vulnerable to a null pointer deref in osdp_reply_name
Moderate
Ecosystems: pypi
Packages: django-markdownx
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 2 months ago
GSA_kwCzR0hTQS1mdng4LTc5aHgteDgyZs4AA520
Django MarkdownX Cross-Site Scripting (XSS) vulnerability
Critical
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 months ago
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 2 months ago
GSA_kwCzR0hTQS0ycnA4LWhmZjktYzV3cs4AA50x
PaddlePaddle Path Traversal vulnerability
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 2 months ago
GSA_kwCzR0hTQS1tcm1tLXFtcmoteGdwNs4AA50i
PaddlePaddle vulnerable to remote code execution
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
GSA_kwCzR0hTQS1xcXYyLTM1cTgtcDJnMs4AA50P
PaddlePaddle command injection in paddle.utils.download._wget_download
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
GSA_kwCzR0hTQS1maDU0LTN2aGctbXBjMs4AA5z7
PaddlePaddle command injection vulnerability
Moderate
Ecosystems: pypi
Packages: jwcrypto
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 months ago
GSA_kwCzR0hTQS1qODU3LTdydnYtdmo5N84AA5zv
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
High
Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 2 months ago
GSA_kwCzR0hTQS1oNWNnLTUzZzctZ3Fqd84AA5zS
RPyC's missing security check results in code execution when using numpy.array on the server-side.
Moderate
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 2 months ago
GSA_kwCzR0hTQS05cDQzLWhqNWotOTZoNc4AA5zH
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Moderate
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS14ZzVwLTh3ZzUtcmh4bc4AA5yI
Phone information disclosure vulnerability
Moderate
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS0zcXdjLTQ3amYtNXJmN84AA5xT
eth-abi is vulnerable to recursive DoS
Low
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerability
High
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 2 months ago
GSA_kwCzR0hTQS04cDI1LTNxNDYtOHEycM4AA5sM
ESPHome vulnerable to remote code execution via arbitrary file write
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 2 months ago
GSA_kwCzR0hTQS1wY2Z4LWcyajItZjZmNs4AA5qg
Docassemble HTML and javascript injection
Moderate
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 2 months ago
GSA_kwCzR0hTQS03d3hmLXIycXYtOXh3cs4AA5qf
Docassemble open redirect
High
Ecosystems: pypi
Packages: docassemble.base, docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 2 months ago
GSA_kwCzR0hTQS1qcTU3LTN3N3Atdnd2ds4AA5qh
Docassemble unauthorized access through URL manipulation
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS02djZ3LWg4bTYtN212Ms4AA5qK
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS0yMmNjLXc3eG0tcmZoeM4AA5l7
Mezzanine allows attackers to bypass access controls via manipulating the Host header
Moderate
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1xcDU2LTgydnAteHFnds4AA5l8
Mezzanine allows attackers to bypass access control mechanisms
Critical
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 2 months ago
GSA_kwCzR0hTQS1qMnB3LXZwNTUtZnFxas4AA5l1
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Moderate
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 2 months ago
GSA_kwCzR0hTQS1mcXhqLTQ2d2ctOXY4NM4AA5l0
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 2 months ago
GSA_kwCzR0hTQS0zdjlyLTg4NWotNzYyZ84AA5lb
Apache Superset: Improper authorization validation on dashboards and charts import
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: 2 months ago
GSA_kwCzR0hTQS13cjZnLTl3Y3ItY21xas4AA5le
Apache Superset: Improper data authorization when creating a new dataset
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 2 months ago
GSA_kwCzR0hTQS1tNmptLTN2MzgtNzZqNM4AA5la
Apache Superset: Improper Neutralization of custom SQL on embedded context
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 2 months ago
GSA_kwCzR0hTQS01NDc0LWY3ZzUtMjczcc4AA5ld
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 2 months ago
GSA_kwCzR0hTQS1oN3I2LThxbW0taGo1cs4AA5lZ
Apache Superset: Improper error handling on alerts
Moderate
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS12ZjdqLWNtcmotcG1tbc4AA5iJ
ZenML Server Remote Privilege Escalation Vulnerability
Moderate
Ecosystems: pypi
Packages: diffoscope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS0zM3c2LWh2bXEtZ2g0eM4AA5g-
diffoscope Path Traversal vulnerability
Low
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 2 months ago
GSA_kwCzR0hTQS00aHdxLTRjcG0tOHZteM4AA5gr
Vyper's `extract32` can read dirty memory
Low
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 2 months ago
GSA_kwCzR0hTQS05cDhyLTR4cDQtZ3c1d84AA5gq
Vyper's `_abi_decode` vulnerable to Memory Overflow
Low
Ecosystems: pypi
Packages: pypop-genomics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS1wNG01LTMycHItMmhxcs4AA5gm
PyPop C extensions possible vulnerability: missing arguments and redundant null pointers
Moderate
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS12OHZqLWN2MjctaGp2OM4AA5gM
LangChain Experimental vulnerable to arbitrary code execution
High
Ecosystems: pypi
Packages: orjson
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 2 months ago
GSA_kwCzR0hTQS1wd3IyLTR2MzYtNnFwcs4AA5gF
orjson does not limit recursion for deeply nested JSON documents
Moderate
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS02NzJyLTk3cjctdngycc4AA5gJ
pretix mishandles file validation
Low
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 2 months ago
GSA_kwCzR0hTQS1oOWo3LTV4dmMtcWhnNc4AA5fj
langchain Server-Side Request Forgery vulnerability
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 2 months ago
GSA_kwCzR0hTQS02NzQ5LW01Y3AtNmNnN84AA5e2
Cross-site Scripting in MLFlow
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 2 months ago
GSA_kwCzR0hTQS0zdjc5LXE3cGgtajc1aM4AA5e3
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
High
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: 2 months ago
GSA_kwCzR0hTQS13aGg4LWZqZ2MtcXA3M84AA5ep
Onnx Directory Traversal vulnerability
Moderate
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 2 months ago
GSA_kwCzR0hTQS1oOHd2LTloOTYtbTRocs4AA5eq
Onnx Out-of-bounds Read vulnerability
Moderate
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 2 months ago
GSA_kwCzR0hTQS1obXg2LXI3NmMtODVnOc4AA5du
Gradio apps vulnerable to timing attacks to guess password
Moderate
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 2 months ago
GSA_kwCzR0hTQS02eHY5LTk1N2otcWZoZ84AA5dt
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
High
Ecosystems: pypi
Packages: pypqc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS1yYzRwLXAzajktNjU3N84AA5ds
pypqc private key retrieval vulnerability
High
Ecosystems: pypi
Packages: mjml
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 2 months ago
GSA_kwCzR0hTQS01NzhwLWZ4bW0tNjIyOc4AA5dr
Potentially untrusted input is rendered as HTML in final output
High
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 2 months ago
GSA_kwCzR0hTQS02dnF3LTN2NWotNTR4NM4AA5bN
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
Critical
Ecosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 2 months ago
GSA_kwCzR0hTQS12Z3Y4LTVjcGotcWoyZs4AA5bL
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
High
Ecosystems: pypi
Packages: cbor2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 2 months ago
GSA_kwCzR0hTQS0zNzVnLTM5anEtdnE3bc4AA5Zw
Potential buffer overflow in CBOR2 decoder
High
Ecosystems: pypi
Packages: apache-airflow-providers-mongo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS14NXBtLWgzM3EtY2pyd84AA5Zl
Improper Certificate Validation in apache airflow mongo hook
High
Ecosystems: pypi
Packages: pyhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 2 months ago
GSA_kwCzR0hTQS1wM3J2LXFqNTYtMmZxeM4AA5YM
Cross-site Scripting in Pyhtml2pdf
Low
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS03N2hoLTQzY20tdjhqNs4AA5V2
tuf's Metadata API: Targets.get_delegated_role() is missing input validation
High
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
GSA_kwCzR0hTQS03ajdtLXY3bTMtanFtN84AA5Vh
Scrapy decompression bomb vulnerability
High
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
GSA_kwCzR0hTQS1jdzlqLXEzdmYtaHJyds4AA5Ui
Scrapy authorization header leakage on cross-domain redirect
High
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 3 months ago
GSA_kwCzR0hTQS1jYzY1LXh4dmYtZjdyOc4AA5UB
Scrapy vulnerable to ReDoS via XMLFeedSpider
High
Ecosystems: pypi
Packages: starlette, fastapi, python-multipart
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 3 months ago
GSA_kwCzR0hTQS0yanY1LTlyODgtM3czcM4AA5N5
python-multipart vulnerable to Content-Type Header ReDoS
Low
Ecosystems: pypi
Packages: vng-api-common-utrecht, vng-api-common, commonground-api-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1jNGNtLXI5ZmgtamdqOc4AA5ML
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Moderate
Ecosystems: pypi
Packages: nonebot2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message Templates
High
Ecosystems: pypi
Packages: kinto-attachment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 3 months ago
GSA_kwCzR0hTQS1odnA0LXZydjItOHdycc4AA5Kn
Kinto Attachment's attachments can be replaced on read-only records
Critical
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS01OXFqLWpjanYtNjYyas4AA5Kb
DIRAC's TokenManager does not check permissions on cached tokens
Critical
Ecosystems: pypi
Packages: Products.SQLAlchemyDA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1yM2pjLTNxbW0tdzNwd84AA5JJ
SQLAlchemyDA unauthenticated arbitrary SQL query execution
Critical
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
GSA_kwCzR0hTQS01MnhxLWo3djktdjR2Ms4AA5JI
Vyper array negative index vulnerability
Moderate
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 3 months ago
GSA_kwCzR0hTQS14eGo5LWY2cnYtbTN4NM4AA5IP
Django denial-of-service attack in the intcomma template filter
High
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
GSA_kwCzR0hTQS1tOTVoLXA0Z2ctd2Z3M84AA5Hc
Allegro AI ClearML path traversal vulnerability
High
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
GSA_kwCzR0hTQS1jcGN3LTloOW0td3F3Oc4AA5Hb
Allegro AI ClearML vulnerable to deserialization of untrusted data
Moderate
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
GSA_kwCzR0hTQS1oMjRyLW05cWMtcHZwZ84AA5HT
Ansible-core information disclosure flaw
High
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 3 months ago
GSA_kwCzR0hTQS1mM2g5LThwaGMtNmd2aM4AA5F4
Gradio Path Traversal vulnerability
Moderate
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 months ago
GSA_kwCzR0hTQS1ndnF2LWg3aGgtNmZjY84AA5F-
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Moderate
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1nM2NtLXFnMnYtMmhqNc4AA5Ev
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
High
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 3 months ago
GSA_kwCzR0hTQS0zd3c0LWdnNGYtanI3Zs4AA5Eq
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
Moderate
Ecosystems: pypi
Packages: m2crypto
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
GSA_kwCzR0hTQS05NDRqLThjaDYtcmY2eM4AA5Ep
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Low
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
GSA_kwCzR0hTQS02ODQ1LXh3MjItZmZ4ds4AA5Ef
Vyper sha3 codegen bug
Low
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
GSA_kwCzR0hTQS1ncDN3LTJ2Mm0tcDY4Ns4AA5Bo
Vyper's external calls can overflow return data to return input buffer
Moderate
Ecosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 3 months ago
GSA_kwCzR0hTQS01NDd4LTc0OHYtdnA2cM4AA5A9
Dash apps vulnerable to Cross-site Scripting
Critical
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
GSA_kwCzR0hTQS05eDdmLWd3eHEtNmYyY84AA4_y
Vyper's bounds check on built-in `slice()` function can be overflowed
Moderate
Ecosystems: pypi
Packages: glance-store
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 3 months ago
GSA_kwCzR0hTQS13Z3BxLXAyaG0tNTZ2Oc4AA4_r
glance-store logs s3 access keys
Moderate
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 3 months ago
GSA_kwCzR0hTQS01NjI2LXB3OWMtaG1qcs4AA498
OctoPrint Unverified Password Change via Access Control Settings
Moderate
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
GSA_kwCzR0hTQS1wNTl3LTlncXctd2o4cs4AA497
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Low
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 3 months ago
GSA_kwCzR0hTQS1yam12LTUybXAtZ2pycs4AA480
vantage6 may create unencrypted tasks in encrypted collaboration
Low
Ecosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS00NWdxLXE0eGgtY3A1M84AA48y
vantage6 vulnerable to username timing attack
Moderate
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 3 months ago
GSA_kwCzR0hTQS0yd2djLTQ4ZzItY2o1d84AA48z
vantage6 has insecure SSH configuration for node and server containers
High
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
GSA_kwCzR0hTQS13OWgyLXB4ODctNzR2eM4AA48x
vantage6 remote code execution vulnerability
Moderate
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 3 months ago
GSA_kwCzR0hTQS14MmMyLXEzMnctNHc2bc4AA48w
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Moderate
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 3 months ago
GSA_kwCzR0hTQS01aDg2LThtdjItanE5Zs4AA47u
aiohttp is vulnerable to directory traversal
Moderate
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 3 months ago
GSA_kwCzR0hTQS04cXB3LXhxeGotaDRyMs4AA47q
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Moderate
Ecosystems: pypi
Packages: ai-flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS03bWdnLTNycTItaGZmNM4AA45w
ai-flow Deserialization of Untrusted Data vulnerability
Critical
Ecosystems: pypi
Packages: synthcity
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS00OTU3LTd2aHAtN3Y1Oc4AA45N
Deserialization of untrusted data in synthcity
Moderate
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: 3 months ago
GSA_kwCzR0hTQS05djloLWNnajgtaDY0cM4AA44M
Null pointer dereference in PKCS12 parsing
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 3 months ago
GSA_kwCzR0hTQS12bTVtLXFtcngtZnc4d84AA4qc
Apache Airflow: Bypass permission verification to read code of other dags
High
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: 3 months ago
GSA_kwCzR0hTQS1jM2M2LWYyd3cteGZyMs4AA4qZ
Apache Airflow: pickle deserialization vulnerability in XComs
Moderate
Ecosystems: pypi
Packages: apache-airflow-providers-cncf-kubernetes, apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 3 months ago
GSA_kwCzR0hTQS1tZzJ4LW1nZ2otNjk1Nc4AA4qb
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Moderate
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
GSA_kwCzR0hTQS1mcTIzLWc1OG0tNzk5cs4AA4qW
Cross-site Scripting Vulnerability on Data Import
High
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 3 months ago
GSA_kwCzR0hTQS1xNjhoLXh3cTUtbW03eM4AA4qV
Cross-site Scripting Vulnerability on Avatar Upload
Critical
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 3 months ago
GSA_kwCzR0hTQS1yd2hoLTZ4ODMtODR2Ns4AA4od
Cross-site Scripting in Apache superset
High
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
GSA_kwCzR0hTQS12NHh2LTc5NWgtcnY0aM4AA4oT
XSS potential in rendered Markdown fields (comments, description, notes, etc.)
Low
Ecosystems: pypi
Packages: changedetection-io, changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1oY3ZwLTJjYzctanJ3cs4AA4oO
changedetection.io API endpoint is not secured with API token
High
Ecosystems: pypi
Packages: ecdsa
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 3 months ago
GSA_kwCzR0hTQS13ajZoLTY0ZmMtMzdtcM4AA4nW
Minerva timing attack on P-256 in python-ecdsa
Moderate
Ecosystems: pypi
Packages: TuiTse-TsuSin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1tNG01LWozNm0tOHg3Ms4AA4nV
html injection vulnerability in the `tuitse_html` function.
Critical
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 3 months ago
GSA_kwCzR0hTQS01ZzczLTY5cDQtN2d2eM4AA4mi
Code execution in pandasai
High
Ecosystems: pypi
Packages: metagpt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1nN3BoLTg0MjMtcGY0as4AA4mg
Code execution in metagpt
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 764
Ecosystems: 12
Filter by Package
tensorflow
432
tensorflow-cpu
387
tensorflow-gpu
384
django
80
apache-airflow
78
ansible
63
salt
50
apache-superset
48
Plone
45
plone
43
rdiffweb
42
Pillow
41
vyper
38
matrix-synapse
35
mlflow
31
opencv-python
30
opencv-contrib-python
30
Django
27
moin
23
langchain
18
PaddlePaddle
17
mercurial
17
cobbler
17
pillow
16
nova
15
paddlepaddle
15
notebook
15
cryptography
15
gradio
14
modoboa
14
pyftpdlib
14
keystone
14
pyload-ng
14
neutron
13
OctoPrint
12
vantage6
12
glance
11
calibreweb
11
twisted
11
urllib3
11
aiohttp
11
onionshare-cli
11
trytond
10
wagtail
10
Flask-AppBuilder
10
zope
9
opencv-contrib-python-headless
9
opencv-python-headless
9
ethyca-fides
9
waitress
9
Zope
9
kiwitcms
9
trac
8
numpy
8
python-keystoneclient
8
aubio
8
roundup
8
nautobot
8
label-studio
8
swift
7
jupyter-server
7
pysaml2
7
pgadmin4
7
lief
7
scrapy
7
ipython
7
pip
7
matrix-sydent
7
mailman
6
apache-airflow-providers-apache-hive
6
lxml
6
Zope2
6
sentry
6
tuf
6
web2py
6
horizon
6
graphite-web
6
mindsdb
6
inventree
6
bleach
5
pyspark
5
saleor
5
lmdb
5
ckan
5
requests
5
python-gnupg
5
feedparser
5
whoogle-search
5
Products.CMFPlone
5
paramiko
5
cinder
5
jupyterhub
4
tripleo-heat-templates
4
bottle
4
Radicale
4
aws-iot-device-sdk-v2
4
Pygments
4
reportlab
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
markdown2
4
awsiotsdk
4
nltk
4
starlette
4
nvflare
4
datasette
4
Jinja2
4
ansible-core
4
transformers
4
esphome
4
httpie
4
Flask-Security-Too
4
grpc
4
keylime
4
grpcio
4
oauthenticator
4
FreeTAKServer-UI
4
tornado
4
PyPDF2
4
buildbot
4
pretix
4
werkzeug
4
GitPython
4
omero-web
4
yt-dlp
4
jwcrypto
4
qutebrowser
4
mistune
3
Mezzanine
3
gerapy
3
SQLAlchemy
3
copyparty
3
django-helpdesk
3
Werkzeug
3
dulwich
3
pyyaml
3
sanic
3
flask
3
pandasai
3
mayan-edms
3
barbican
3
aim
3
indy-node
3
protobuf
3
ryu
3
streamlit
3
httplib2
3
sosreport
3
zenml
3
sickrage
3
rsa
3
Weblate
3
ujson
3
openvpn-monitor
3
Keystone
3
pyarrow
3
Products.PluggableAuthService
3
changedetection.io
3
ajenti
3
fava
3
Moin
3
pycrypto
3
mitmproxy
3
keyring
3
io.grpc:grpc-protobuf
3
wger
3
apache-libcloud
3
ecdsa
3
plone.app.event
3
plone.app.theming
3
plone.app.dexterity
3
plone.supermodel
3
sqlparse
3
homeassistant
3
onnx
3
asyncua
3
torchserve
3
ansible-runner
3
localstack
3
poetry
3
bitlyshortener
3
indico
3
octavia
3
slixmpp
3
jupyterlab
3
clearml
3
docassemble.webapp
3
apache-iotdb
3
asyncssh
3
quokka
3
pywasm3
3
apache-airflow-providers-apache-spark
3
ray
3
python-jose
3
pymatgen
2
pyxdg
2
openapi-python-client
2
wagtail-2fa
2
zope2
2
py
2
ctx
2
Filter by Repository
https://github.com/tensorflow/tensorflow
432
https://github.com/apache/airflow
90
https://github.com/django/django
74
https://github.com/ansible/ansible
53
https://github.com/python-pillow/Pillow
52
https://github.com/ikus060/rdiffweb
42
https://github.com/vyperlang/vyper
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/matrix-org/synapse
32
https://github.com/saltstack/salt
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/opencv/opencv
28
https://github.com/mlflow/mlflow
25
https://github.com/cobbler/cobbler
14
https://github.com/pyload/pyload
14
https://github.com/vantage6/vantage6
14
https://github.com/pyca/cryptography
14
https://github.com/langchain-ai/langchain
14
https://github.com/modoboa/modoboa
13
https://github.com/gradio-app/gradio
13
https://github.com/twisted/twisted
12
https://github.com/urllib3/urllib3
11
https://github.com/aio-libs/aiohttp
11
https://github.com/openstack/keystone
11
https://github.com/onionshare/onionshare
11
https://github.com/janeczku/calibre-web
11
https://github.com/jupyter/notebook
10
https://github.com/dpgaspar/Flask-AppBuilder
10
https://github.com/zopefoundation/Zope
10
https://github.com/wagtail/wagtail
10
https://github.com/giampaolo/pyftpdlib
9
https://github.com/Pylons/waitress
9
https://github.com/apache/superset
9
https://github.com/ethyca/fides
9
https://github.com/pgadmin-org/pgadmin4
9
https://github.com/scrapy/scrapy
8
https://github.com/nautobot/nautobot
8
https://github.com/octoprint/octoprint
8
https://github.com/numpy/numpy
8
https://github.com/kiwitcms/Kiwi
8
https://github.com/ipython/ipython
8
https://github.com/aubio/aubio
7
https://github.com/lief-project/LIEF
7
https://github.com/graphite-project/graphite-web
6
https://github.com/getsentry/sentry
6
https://github.com/jupyter-server/jupyter_server
6
https://github.com/lxml/lxml
6
https://github.com/pypa/pip
6
https://github.com/mindsdb/mindsdb
6
https://github.com/HumanSignal/label-studio
6
https://github.com/matrix-org/sydent
6
https://github.com/pallets/werkzeug
5
https://sourceforge.net/projects/sourceforge.net
5
https://github.com/openstack/nova
5
https://github.com/mozilla/bleach
5
https://github.com/TeamSeri0us/pocs
5
https://github.com/gitpython-developers/GitPython
5
https://github.com/hwchase17/langchain
5
https://github.com/tryton/trytond
5
https://github.com/keylime/keylime
5
https://github.com/OctoPrint/OctoPrint
5
https://github.com/openstack/horizon
5
https://github.com/benbusby/whoogle-search
5
https://github.com/yt-dlp/yt-dlp
4
https://github.com/jhpyle/docassemble
4
https://github.com/Flask-Middleware/flask-security
4
https://github.com/esphome/esphome
4
https://github.com/openstack/neutron
4
https://github.com/ckan/ckan
4
https://github.com/jupyterhub/oauthenticator
4
https://github.com/inventree/InvenTree
4
https://github.com/web2py/web2py
4
https://github.com/latchset/jwcrypto
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/WeblateOrg/weblate
4
https://github.com/Kozea/Radicale
4
https://github.com/huggingface/transformers
4
https://github.com/qutebrowser/qutebrowser
4
https://github.com/NVIDIA/NVFlare
4
https://github.com/rohe/pysaml2
4
https://github.com/ronf/asyncssh
4
https://github.com/py-pdf/pypdf
4
https://github.com/bottlepy/bottle
4
https://github.com/grpc/grpc
4
https://github.com/FreeTAKTeam/UI
4
https://github.com/simonw/datasette
4
https://github.com/tornadoweb/tornado
4
https://github.com/saleor/saleor
4
https://github.com/psf/requests
4
https://github.com/openstack/cinder
3
https://github.com/beancount/fava
3
https://github.com/encode/starlette
3
https://github.com/onnx/onnx
3
https://github.com/python/cpython
3
https://github.com/ome/omero-web
3
https://github.com/Cog-Creators/Red-DiscordBot
3
https://github.com/dgtlmoon/changedetection.io
3
https://github.com/paramiko/paramiko
3
https://github.com/pallets/jinja
3
https://github.com/rochacbruno/quokka
3
https://github.com/poezio/slixmpp
3
https://github.com/pallets/flask
3
https://github.com/django-helpdesk/django-helpdesk
3
https://github.com/run-llama/llama_index
3
https://github.com/pretix/pretix
3
https://github.com/openstack/swift
3
https://github.com/pytorch/serve
3
https://github.com/djblets/djblets
3
https://github.com/dlitz/pycrypto
3
https://github.com/openstack/python-keystoneclient
3
https://github.com/pyca/pyopenssl
3
https://github.com/openstack/octavia
3
https://github.com/pygments/pygments
3
https://github.com/pypa/advisory-db
3
https://github.com/openstack/glance
3
https://github.com/mitmproxy/mitmproxy
3
https://github.com/Gerapy/Gerapy
3
https://github.com/theupdateframework/python-tuf
3
https://github.com/theupdateframework/tuf
3
https://github.com/github/securitylab
3
https://github.com/ansible/ansible-runner
3
https://github.com/trentm/python-markdown2
3
https://github.com/gventuri/pandas-ai
3
https://github.com/andialbrecht/sqlparse
3
https://github.com/home-assistant/core
3
https://github.com/lepture/mistune
3
https://github.com/httplib2/httplib2
3
https://github.com/wasm3/wasm3
3
https://github.com/hyperledger/indy-node
3
https://github.com/IdentityPython/pysaml2
3
https://github.com/impredicative/bitlyshortener
3
https://github.com/yaml/pyyaml
3
https://github.com/9001/copyparty
3
https://github.com/zenml-io/zenml
3
https://github.com/indico/indico
3
https://github.com/jupyterlab/jupyterlab
3
https://github.com/jupyterhub/jupyterhub
3
https://github.com/streamlit/streamlit
3
https://github.com/sqlalchemy/sqlalchemy
3
https://github.com/mpdavis/python-jose
3
https://github.com/nltk/nltk
3
https://github.com/faucetsdn/ryu
3
https://github.com/moinwiki/moin-1.9
3
https://github.com/sosreport/sos
3
https://github.com/MobSF/Mobile-Security-Framework-MobSF
3
https://github.com/furlongm/openvpn-monitor
3
https://gitlab.com/mayan-edms/mayan-edms
3
https://github.com/Kozea/CairoSVG
2
https://github.com/DataDog/guarddog
2
https://github.com/dask/distributed
2
https://github.com/pretalx/pretalx
2
https://github.com/nexB/scancode.io
2
https://github.com/plone/Products.ATContentTypes
2
https://github.com/protocolbuffers/protobuf
2
https://github.com/ethereum/eth-abi
2
https://github.com/plone/plone.restapi
2
https://github.com/facebookresearch/ParlAI
2
https://github.com/IncludeSecurity/safeurl-python
2
https://github.com/cure53/DOMPurify
2
https://github.com/executablebooks/markdown-it-py
2
https://github.com/NVIDIA/NeMo
2
https://github.com/corydolphin/flask-cors
2
https://github.com/pyinstaller/pyinstaller
2
https://github.com/jupyterhub/jupyter-server-proxy
2
https://github.com/eventlet/eventlet
2
https://github.com/inventree/inventree
2
https://github.com/jrspruitt/ubi_reader
2
https://github.com/jpadilla/pyjwt
2
https://github.com/jelmer/dulwich
2
https://github.com/jdennis/keycloak-httpd-client-install
2
https://github.com/jaraco/keyring
2
https://github.com/openstack/magnum
2
https://github.com/mirumee/saleor
2
https://github.com/MirahezeBots/sopel-channelmgnt
2
https://github.com/geopython/OWSLib
2
https://github.com/moggers87/django-sendfile2
2
https://github.com/materialsproject/pymatgen
2
https://github.com/openstack/tripleo-heat-templates
2
https://github.com/goToMain/libosdp
2
https://github.com/marshmallow-code/webargs
2
https://github.com/django-wiki/django-wiki
2
https://github.com/OpenZeppelin/cairo-contracts
2
https://github.com/mongodb/mongo-python-driver
2
https://github.com/FreeTAKTeam/FreeTakServer
2
https://github.com/man-group/dtale
2
https://github.com/embedchain/embedchain
2
https://github.com/heartexlabs/label-studio
2
https://github.com/encode/uvicorn
2
https://github.com/html5lib/html5lib-python
2
https://github.com/FreeOpcUa/opcua-asyncio
2
https://github.com/httpie/httpie
2
https://github.com/Legrandin/pycryptodome
2
https://github.com/DIRACGrid/DIRAC
2
https://github.com/labd/wagtail-2fa
2
https://github.com/petl-developers/petl
2
https://github.com/Netflix/lemur
2
https://github.com/piccolo-orm/piccolo
2
https://github.com/devsnd/cherrymusic
2
https://github.com/dbt-labs/dbt-core
2