Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
pypi Security Advisories
Loading...
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
GSA_kwCzR0hTQS01NTR3LXhoNGotOHc2NM4AA3yh
Path traversal in MLflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 5 months ago
GSA_kwCzR0hTQS1ncXZmLTNoZ3AtNWh4ds4AA3xA
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerabilityEcosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 5 months ago
GSA_kwCzR0hTQS1ncXJxLWo2cG0tOThjMs4AA3w5
External Control of File Name or Path in h2oai/h2o-3Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 5 months ago
Moderate
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
GSA_kwCzR0hTQS03ZmdjLTg5Y3gtdzhqNc4AA3v5
Out of memory error when submitting the dataset form with a specially-crafted fieldEcosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
Low
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
GSA_kwCzR0hTQS03NW1jLTNwamMtNzI3cc4AA3uo
Unauthenticated db-file-storage viewsEcosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
High
Ecosystems: pypi
Packages: meraki
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 5 months ago
GSA_kwCzR0hTQS02eDRoLTk2MjItZnFyNs4AA3un
Improper validation in merakiEcosystems: pypi
Packages: meraki
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
GSA_kwCzR0hTQS02bWpnLTM3Y3AtNDJ4Nc4AA3ul
Improper Privilege Management in sap-xssecEcosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
High
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 5 months ago
GSA_kwCzR0hTQS02bTk3LTc1MjctbWg3NM4AA3uZ
incorrect storage layout for contracts containing large arraysEcosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 5 months ago
Moderate
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 months ago
GSA_kwCzR0hTQS03ajY5LXFmYzMtMmZxOc4AA3tj
Ansible template injection vulnerabilityEcosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 months ago
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
GSA_kwCzR0hTQS12OTQ1LXIzcmMtNmZqbc4AA3ti
Path traversal in MLflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
Moderate
Ecosystems: pypi
Packages: mltable
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 5 months ago
GSA_kwCzR0hTQS1tNXBjLTg2eDgtd2N4Z84AA3tX
Exposure of Sensitive Information in mltableEcosystems: pypi
Packages: mltable
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 5 months ago
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
GSA_kwCzR0hTQS1jeGZyLTVxM3ItMnJjMs4AA3r7
Jinja2 template injection in mlflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
Critical
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
GSA_kwCzR0hTQS1wOTloLXBmZzYtcXJmZ84AA3r0
Privilege escalation in sap-xssecEcosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Moderate
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 5 months ago
GSA_kwCzR0hTQS1jcmhwLTdjNzQtY2c0Y84AA3q6
Improper Input Validation in mindsdbEcosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 5 months ago
Moderate
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 5 months ago
GSA_kwCzR0hTQS0zNG1yLTZxOHgtZzlyNs4AA3q5
Server-Side Request Forgery in mindsdbEcosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 5 months ago
High
Ecosystems: pypi
Packages: pyinstaller
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: 5 months ago
GSA_kwCzR0hTQS05dzJwLXJoOGMtdjlnNc4AA3pj
Local Privilege Escalation in WindowsEcosystems: pypi
Packages: pyinstaller
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: 5 months ago
Low
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 5 months ago
GSA_kwCzR0hTQS1qNGczLTNxOHgtanhxcM4AA3ow
dbt-core's secret env vars written to package-lock.json in plaintextEcosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 5 months ago
Moderate
Ecosystems: pypi
Packages: dockerspawner
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 5 months ago
GSA_kwCzR0hTQS1oZmdyLWgzdmMtcDZjMs4AA3og
DockerSpawner allows any image by defaultEcosystems: pypi
Packages: dockerspawner
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 5 months ago
Moderate
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 5 months ago
GSA_kwCzR0hTQS12d2hmLTN2Nngtd2ZmOM4AA3mS
Cross-site Scripting (XSS) in MLflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 5 months ago
Moderate
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerabilityEcosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Low
Ecosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 5 months ago
GSA_kwCzR0hTQS12NWY2LWhqbWYtOW1jNc4AA3lG
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code executionEcosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 5 months ago
Moderate
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 5 months ago
GSA_kwCzR0hTQS1oNTZnLWdxOXYtdmM4cs4AA3kx
jupyter-server errors include tracebacks with path informationEcosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 5 months ago
High
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 6 months ago
GSA_kwCzR0hTQS13cXhmLTQ0N20tNmY1Zs4AA3kN
Information exposure in MLflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 6 months ago
High
Ecosystems: pypi
Packages: fastapi-proxy-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS03dndyLWc2cG0tOWhjOM4AA3e0
Cookie leakage between different users in fastapi-proxy-libEcosystems: pypi
Packages: fastapi-proxy-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: Dpaste
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
GSA_kwCzR0hTQS1yOGo5LTVjajctY3YzOc4AA3ey
Reflected XSS Vulnerability in dpasteEcosystems: pypi
Packages: Dpaste
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 6 months ago
GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw
cryptography vulnerable to NULL-dereference when loading PKCS7 certificatesEcosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 6 months ago
High
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 6 months ago
GSA_kwCzR0hTQS1mNjc4LWo1NzktNHhmNc4AA3Zv
Apache Superset - Elevation of PrivilegeEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
GSA_kwCzR0hTQS1mZ3B3LTR3NjktajI1Ns4AA3Zs
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerabilityEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 6 months ago
GSA_kwCzR0hTQS0zaHA3LTRxcTQtdjVjNs4AA3Zt
Apache Superset Allocation of Resources Without Limits or Throttling vulnerabilityEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
GSA_kwCzR0hTQS1oYzc0LTl2am0tYzl4ds4AA3Zp
Apache Superset Open Redirect vulnerabilityEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
High
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: 6 months ago
GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd
aiohttp's ClientSession is vulnerable to CRLF injection via versionEcosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 6 months ago
GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc
aiohttp's ClientSession is vulnerable to CRLF injection via methodEcosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1wamp3LXFoZzgtcDJwOc4AA3Yb
aiohttp has vulnerable dependency that is vulnerable to request smugglingEcosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
GSA_kwCzR0hTQS13cThxLTk5cDUteGZyd84AA3Xf
Apache Superset Cross-site Scripting vulnerabilityEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
GSA_kwCzR0hTQS12djY1LWZqZmotNDczNs4AA3Xl
Apache Superset has Incorrect Default PermissionsEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 6 months ago
GSA_kwCzR0hTQS1ycXI4LXB4aDctY3EzZ84AA3W5
Ethereum ABI decoder DoS when parsing ZSTEcosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 6 months ago
High
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 6 months ago
GSA_kwCzR0hTQS1jZjlmLXdtaHAtdjRwcs4AA3U3
Cross-site Scripting potential in custom links, job buttons, and computed fieldsEcosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache SubmarineEcosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1xZjNjLXJ3OWYtamg3ds4AA3S4
Clear Text Credentials Exposed via Onboarding TaskEcosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1oNzNtLXBjZnctMjVoMs4AA3S3
Download to arbitrary folder can lead to RCEEcosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 6 months ago
GSA_kwCzR0hTQS12Y2NnLWY0Z3AtNDV4Oc4AA3S2
Eval Injection in fastbotsEcosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 6 months ago
GSA_kwCzR0hTQS1tMm1qLXByNGYtaDlqcM4AA3R9
TorchServe ZipSlipEcosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 6 months ago
High
Ecosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1xYzRqLWhyajYtY3BwZs4AA3R3
upydev has weak encryption paddingEcosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS04aGNyLTV4MmctOWY3as4AA3Qs
Deserialization of Untrusted Data in apache-submarineEcosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS14NTYzLTZocXYtMjZtcs4AA3P0
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data fileEcosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
GSA_kwCzR0hTQS02Y3hyLThxM20tandycs4AA3Oe
Ray Missing Authorization vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 6 months ago
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an accountEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 6 months ago
High
Ecosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 6 months ago
GSA_kwCzR0hTQS04NjMzLWczcGgtOTdycM4AA3OH
Missing SSL certificate validation in localstackEcosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the serverEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
High
Ecosystems: pypi
Packages: pypinksign
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 months ago
GSA_kwCzR0hTQS1meGZmLXd4eHYtYzJqY84AA3OX
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryptionEcosystems: pypi
Packages: pypinksign
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
High
Ecosystems: pypi
Packages: prefect
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: 6 months ago
GSA_kwCzR0hTQS00aGg1LTI2NzgtODNmeM4AA3N-
Cross-Site Request Forgery vulnerability in PrefectEcosystems: pypi
Packages: prefect
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: 6 months ago
High
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 6 months ago
GSA_kwCzR0hTQS04cjk2LTg4ODktcWcyeM4AA3OE
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attackEcosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 6 months ago
GSA_kwCzR0hTQS1oM3hnLXd2NTgtNXA0M84AA3OI
Ray OS Command Injection vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
High
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS04MnZyLTU3NjktNjM1OM4AA3Nk
Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity VerificationEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 6 months ago
GSA_kwCzR0hTQS0zY2gzLWpoYzYtNXI4eM4AA3MJ
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy InjectionEcosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: galaxy-importer
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 6 months ago
GSA_kwCzR0hTQS01NWcyLXZtM3EtN3c1Ms4AA3Lb
Ansible galaxy-importer Path Traversal vulnerabilityEcosystems: pypi
Packages: galaxy-importer
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 6 months ago
High
Ecosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS12YzN2LXBwYzctdjQ4Ns4AA3K2
vantage6-server node accepts non-whitelisted algorithms from malicious serverEcosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 6 months ago
GSA_kwCzR0hTQS1nZncyLTRqdmgtd2dmZ84AA3K1
AIOHTTP has problems in HTTP parser (the python one, not llhttp)Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 6 months ago
Low
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 6 months ago
GSA_kwCzR0hTQS14eDlwLXh4dmgtN2c4as4AA3Hw
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacksEcosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 6 months ago
High
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 6 months ago
GSA_kwCzR0hTQS02aGpqLWdxNzctajRxd84AA3GL
Label Studio Object Relational Mapper Leak Vulnerability in Filtering TaskEcosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 6 months ago
High
Ecosystems: pypi
Packages: remarshal
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 6 months ago
GSA_kwCzR0hTQS1ndzdnLXFyOHctMzQ0OM4AA3Dw
Remarshal expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs AttackEcosystems: pypi
Packages: remarshal
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 6 months ago
GSA_kwCzR0hTQS14cTU5LTdqZjMtcmpjNs4AA3C2
piccolo SQL Injection via named transaction savepointsEcosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 6 months ago
GSA_kwCzR0hTQS1obTlyLTdmODQtMjVjOc4AA3Cv
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notesEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 6 months ago
GSA_kwCzR0hTQS1yN3g2LXhmY20tM214ds4AA3Cw
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized ActorEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 6 months ago
High
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 6 months ago
GSA_kwCzR0hTQS1jMzVxLWZmcGYtNXFwbc4AA3BV
AsyncSSH Rogue Session AttackEcosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 6 months ago
High
Ecosystems: pypi
Packages: esptool
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 6 months ago
GSA_kwCzR0hTQS0zZjM4LTk2cW0tcjNmd84AA3BJ
esptool allows attackers to view sensitive information via weak cryptographic algorithmEcosystems: pypi
Packages: esptool
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 6 months ago
GSA_kwCzR0hTQS1jZmMyLXdyMnYtZ3htNc4AA3BH
AsyncSSH Rogue Extension NegotiationEcosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session TokensEcosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Critical
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 6 months ago
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data fileEcosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS0zdnBmLW1jajctNWgzOM4AA2_U
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR PackagesEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 7 months ago
GSA_kwCzR0hTQS1oOGdjLXBnajItdmptM84AA25m
Django Denial-of-service in django.utils.text.TruncatorEcosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 7 months ago
High
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 7 months ago
GSA_kwCzR0hTQS04Z2hqLXA0dmotbXIzNc4AA250
Pillow Denial of Service vulnerabilityEcosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 7 months ago
GSA_kwCzR0hTQS03aDRwLTI3bWgtaG1yd84AA25h
Django Denial of service vulnerability in django.utils.encoding.uri_to_iriEcosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 7 months ago
High
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 7 months ago
GSA_kwCzR0hTQS1xbWY5LTZqcWYtajhmcc4AA23t
Django potential denial of service vulnerability in UsernameField on WindowsEcosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 7 months ago
Critical
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerabilityEcosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: pypdf
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 7 months ago
GSA_kwCzR0hTQS13amNjLWNxNzktcDYzZs4AA21E
Possible Infinite Loop when PdfWriter(clone_from) is used with a PDFEcosystems: pypi
Packages: pypdf
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 7 months ago
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device informationEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 7 months ago
High
Ecosystems: pypi
Packages: apache-airflow, apache-airflow-providers-celery
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: 7 months ago
GSA_kwCzR0hTQS02NjZnLXJmYzUtYzlqds4AA2wn
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerabilityEcosystems: pypi
Packages: apache-airflow, apache-airflow-providers-celery
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
GSA_kwCzR0hTQS1xaGhqLTdocmMtZ3FqNc4AA2ur
Home Assistant vulnerable to account takeover via auth_callback loginEcosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 7 months ago
GSA_kwCzR0hTQS14Yzh4LXZwNzktcDN3bc4AA2sO
twisted.web has disordered HTTP pipeline responseEcosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 7 months ago
GSA_kwCzR0hTQS1tcTI2LWczMzktMjZ4Zs4AA2sC
Command Injection in pip when used with MercurialEcosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 7 months ago
GSA_kwCzR0hTQS1ocmZ2LW1xcDgtcTVyd84AA2oc
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginningEcosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
GSA_kwCzR0hTQS1qcTZjLXI5eGYtcXhqbc4AA2ob
dtale vulnerable to Remote Code Execution through the Custom Filter InputEcosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
High
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 months ago
GSA_kwCzR0hTQS1yMmh3LTc0eHYtNGdxcM4AA2oV
Nautobot vulnerable to exposure of hashed user passwords via REST APIEcosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 months ago
Low
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1mZ2pqLTVqbXItZ2g4M84AA2oR
Fides JavaScript Injection Vulnerability in Privacy Center URLEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1yanhnLXJwZzMtOXI4Oc4AA2oP
Fides Information Disclosure Vulnerability in Config API EndpointEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1qcTN3LTltZ2YtNDNtNM4AA2oO
Fides Server-Side Request Forgery Vulnerability in Custom Integration UploadEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 7 months ago
GSA_kwCzR0hTQS05cXFnLW1oN2MtY2hmcc4AA2oC
Apache Airflow vulnerable to Exposure of Sensitive InformationEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: django-grappelli
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 7 months ago
GSA_kwCzR0hTQS05eDQzLTVxY3EtaDc5cc4AA2nF
Django Grappelli Open Redirect vulnerabilityEcosystems: pypi
Packages: django-grappelli
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: coderedcms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 7 months ago
GSA_kwCzR0hTQS1oNDU0LXJxM20tODlyY84AA2nE
Wagtail CRX CodeRed Extensions vulnerable to Path TraversalEcosystems: pypi
Packages: coderedcms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 7 months ago
Critical
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 7 months ago
GSA_kwCzR0hTQS04aDV3LWY2cTktd2czNc4AA2mm
Langchain SQL Injection vulnerabilityEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 7 months ago
High
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 7 months ago
GSA_kwCzR0hTQS02aDhwLTRoeDktdzY2Y84AA2mq
Langchain Server-Side Request Forgery vulnerabilityEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 7 months ago
High
Ecosystems: pypi
Packages: pdm
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
GSA_kwCzR0hTQS1qNDR2LW1tZjIteHZtOc4AA2mh
PDM Trojan LockfileEcosystems: pypi
Packages: pdm
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 7 months ago
GSA_kwCzR0hTQS01N2NyLXJxM2YtcHBteM4AA2me
modoboa Cross-Site Request Forgery vulnerabilityEcosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 7 months ago
High
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 7 months ago
GSA_kwCzR0hTQS05d2ozLWNmcTgtd3B2as4AA2mc
modoboa Cross-site Scripting vulnerabilityEcosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 7 months ago
Critical
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
GSA_kwCzR0hTQS1wcWdtLTlnODItd2NtN84AA2mf
modoboa Cross-site Scripting vulnerabilityEcosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: mycli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS12OXZqLTlweHYtbXIyd84AA2kx
mycli has Inadequate Encryption StrengthEcosystems: pypi
Packages: mycli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
Ecosystems: pypi
Packages: archivebox
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 7 months ago
GSA_kwCzR0hTQS1jcjQ1LTk4dzktZ3dxeM4AA2kE
Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins contextEcosystems: pypi
Packages: archivebox
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 7 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 779
Ecosystems: 12
Packages: 8,381
Repositories: 779
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
tensorflow
432
tensorflow-cpu
387
tensorflow-gpu
384
django
80
apache-airflow
78
ansible
63
salt
53
Plone
52
apache-superset
49
nova
45
plone
43
rdiffweb
42
Pillow
41
vyper
38
matrix-synapse
35
moin
34
mlflow
33
Django
30
opencv-python
30
opencv-contrib-python
30
keystone
30
langchain
18
glance
18
mercurial
17
PaddlePaddle
17
cobbler
17
pillow
16
neutron
16
cryptography
15
paddlepaddle
15
gradio
15
notebook
15
modoboa
14
pyftpdlib
14
pyload-ng
14
OctoPrint
13
vantage6
12
swift
12
aiohttp
11
onionshare-cli
11
twisted
11
calibreweb
11
urllib3
11
horizon
11
wagtail
10
trytond
10
Flask-AppBuilder
10
ethyca-fides
9
zope
9
waitress
9
Zope
9
kiwitcms
9
opencv-contrib-python-headless
9
opencv-python-headless
9
ryu
9
roundup
9
nautobot
9
label-studio
8
cinder
8
trac
8
numpy
8
aubio
8
python-keystoneclient
8
scrapy
7
pgadmin4
7
jupyter-server
7
ipython
7
lief
7
matrix-sydent
7
pysaml2
7
pip
7
inventree
6
mindsdb
6
sentry
6
apache-airflow-providers-apache-hive
6
Zope2
6
tuf
6
web2py
6
lxml
6
graphite-web
6
mailman
6
Moin
6
feedparser
5
python-gnupg
5
bleach
5
Products.CMFPlone
5
saleor
5
paramiko
5
pyspark
5
Jinja2
5
requests
5
lmdb
5
whoogle-search
5
ckan
5
barbican
4
tripleo-heat-templates
4
starlette
4
Scrapy
4
jupyterhub
4
oauthenticator
4
httpie
4
keylime
4
FreeTAKServer-UI
4
PyPDF2
4
omero-web
4
transformers
4
grpcio
4
markdown2
4
qutebrowser
4
grpc
4
tornado
4
werkzeug
4
yt-dlp
4
nvflare
4
nltk
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
datasette
4
esphome
4
Keystone
4
GitPython
4
Radicale
4
reportlab
4
aws-iot-device-sdk-v2
4
ansible-core
4
jwcrypto
4
Pygments
4
Werkzeug
4
buildbot
4
pretix
4
bottle
4
awsiotsdk
4
Flask-Security-Too
4
ecdsa
3
ujson
3
ray
3
Weblate
3
ajenti
3
asyncssh
3
pyarrow
3
Kallithea
3
sanic
3
changedetection.io
3
sosreport
3
flask
3
io.grpc:grpc-protobuf
3
onnx
3
sickrage
3
Mezzanine
3
mistune
3
openvpn-monitor
3
streamlit
3
copyparty
3
Nova
3
indy-node
3
aim
3
localstack
3
mayan-edms
3
pandasai
3
poetry
3
protobuf
3
gerapy
3
bitlyshortener
3
indico
3
jupyterlab
3
pywasm3
3
python-jose
3
keyring
3
wger
3
asyncua
3
apache-iotdb
3
Products.PluggableAuthService
3
rsa
3
fava
3
keystonemiddleware
3
pyyaml
3
apache-airflow-providers-apache-spark
3
docassemble.webapp
3
quokka
3
clearml
3
SQLAlchemy
3
dulwich
3
django-helpdesk
3
ansible-runner
3
slixmpp
3
sqlparse
3
octavia
3
homeassistant
3
torchserve
3
pycrypto
3
apache-libcloud
3
plone.supermodel
3
plone.app.dexterity
3
plone.app.event
3
zenml
3
mitmproxy
3
httplib2
3
plone.app.theming
3
django-unicorn
2
piccolo
2
cabot
2
Filter by Repository
https://github.com/tensorflow/tensorflow
432
https://github.com/django/django
95
https://github.com/apache/airflow
90
https://github.com/ansible/ansible
53
https://github.com/python-pillow/Pillow
52
https://github.com/ikus060/rdiffweb
42
https://github.com/vyperlang/vyper
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/openstack/nova
36
https://github.com/matrix-org/synapse
32
https://github.com/saltstack/salt
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/opencv/opencv
28
https://github.com/openstack/keystone
27
https://github.com/mlflow/mlflow
27
https://github.com/cobbler/cobbler
14
https://github.com/langchain-ai/langchain
14
https://github.com/vantage6/vantage6
14
https://github.com/pyca/cryptography
14
https://github.com/pyload/pyload
14
https://github.com/gradio-app/gradio
14
https://github.com/modoboa/modoboa
13
https://github.com/twisted/twisted
12
https://github.com/aio-libs/aiohttp
11
https://github.com/urllib3/urllib3
11
https://github.com/onionshare/onionshare
11
https://github.com/scrapy/scrapy
11
https://github.com/janeczku/calibre-web
11
https://github.com/jupyter/notebook
10
https://github.com/openstack/glance
10
https://github.com/dpgaspar/Flask-AppBuilder
10
https://github.com/zopefoundation/Zope
10
https://github.com/wagtail/wagtail
10
https://github.com/apache/superset
9
https://github.com/nautobot/nautobot
9
https://github.com/pgadmin-org/pgadmin4
9
https://github.com/Pylons/waitress
9
https://github.com/giampaolo/pyftpdlib
9
https://github.com/faucetsdn/ryu
9
https://github.com/openstack/horizon
9
https://github.com/ethyca/fides
9
https://github.com/kiwitcms/Kiwi
8
https://github.com/ipython/ipython
8
https://github.com/numpy/numpy
8
https://github.com/octoprint/octoprint
8
https://github.com/openstack/neutron
7
https://github.com/lief-project/LIEF
7
https://sourceforge.net/projects/sourceforge.net
7
https://github.com/aubio/aubio
7
https://github.com/openstack/swift
7
https://github.com/lxml/lxml
6
https://github.com/OctoPrint/OctoPrint
6
https://github.com/jupyter-server/jupyter_server
6
https://github.com/pypa/pip
6
https://github.com/openstack/cinder
6
https://github.com/HumanSignal/label-studio
6
https://github.com/graphite-project/graphite-web
6
https://github.com/matrix-org/sydent
6
https://github.com/getsentry/sentry
6
https://github.com/mindsdb/mindsdb
6
https://github.com/pallets/werkzeug
6
https://github.com/mozilla/bleach
5
https://github.com/hwchase17/langchain
5
https://github.com/benbusby/whoogle-search
5
https://github.com/TeamSeri0us/pocs
5
https://github.com/gitpython-developers/GitPython
5
https://github.com/tryton/trytond
5
https://github.com/keylime/keylime
5
https://github.com/ckan/ckan
4
https://github.com/Flask-Middleware/flask-security
4
https://github.com/esphome/esphome
4
https://github.com/latchset/jwcrypto
4
https://github.com/FreeTAKTeam/UI
4
https://github.com/NVIDIA/NVFlare
4
https://github.com/qutebrowser/qutebrowser
4
https://github.com/py-pdf/pypdf
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/rohe/pysaml2
4
https://github.com/huggingface/transformers
4
https://github.com/ronf/asyncssh
4
https://github.com/simonw/datasette
4
https://github.com/grpc/grpc
4
https://github.com/bottlepy/bottle
4
https://github.com/psf/requests
4
https://github.com/saleor/saleor
4
https://github.com/jhpyle/docassemble
4
https://github.com/yt-dlp/yt-dlp
4
https://github.com/inventree/InvenTree
4
https://github.com/WeblateOrg/weblate
4
https://github.com/web2py/web2py
4
https://github.com/Kozea/Radicale
4
https://github.com/tornadoweb/tornado
4
https://github.com/pallets/jinja
4
https://github.com/jupyterhub/oauthenticator
4
https://sourceforge.net/projects/roject
3
https://github.com/gventuri/pandas-ai
3
https://gitlab.com/mayan-edms/mayan-edms
3
https://github.com/trentm/python-markdown2
3
https://github.com/pygments/pygments
3
https://github.com/MobSF/Mobile-Security-Framework-MobSF
3
https://github.com/ansible/ansible-runner
3
https://github.com/pyca/pyopenssl
3
https://github.com/home-assistant/core
3
https://github.com/ome/omero-web
3
https://github.com/djblets/djblets
3
https://github.com/pretix/pretix
3
https://github.com/indico/indico
3
https://github.com/beancount/fava
3
https://github.com/furlongm/openvpn-monitor
3
https://github.com/moinwiki/moin-1.9
3
https://github.com/github/securitylab
3
https://github.com/pytorch/serve
3
https://github.com/nltk/nltk
3
https://github.com/wasm3/wasm3
3
https://github.com/python/cpython
3
https://github.com/Cog-Creators/Red-DiscordBot
3
https://github.com/jupyterlab/jupyterlab
3
https://github.com/jupyterhub/jupyterhub
3
https://github.com/Gerapy/Gerapy
3
https://github.com/mitmproxy/mitmproxy
3
https://github.com/rochacbruno/quokka
3
https://github.com/openstack/octavia
3
https://github.com/andialbrecht/sqlparse
3
https://github.com/encode/starlette
3
https://github.com/pypa/advisory-db
3
https://github.com/run-llama/llama_index
3
https://github.com/openstack/python-keystoneclient
3
https://github.com/dlitz/pycrypto
3
https://github.com/mpdavis/python-jose
3
https://github.com/pallets/flask
3
https://github.com/lepture/mistune
3
https://github.com/sqlalchemy/sqlalchemy
3
https://github.com/hyperledger/indy-node
3
https://github.com/9001/copyparty
3
https://github.com/theupdateframework/python-tuf
3
https://github.com/yaml/pyyaml
3
https://github.com/sosreport/sos
3
https://github.com/django-helpdesk/django-helpdesk
3
https://github.com/dgtlmoon/changedetection.io
3
https://github.com/theupdateframework/tuf
3
https://github.com/onnx/onnx
3
https://github.com/impredicative/bitlyshortener
3
https://github.com/IdentityPython/pysaml2
3
https://github.com/httplib2/httplib2
3
https://github.com/poezio/slixmpp
3
https://github.com/streamlit/streamlit
3
https://github.com/paramiko/paramiko
3
https://github.com/zenml-io/zenml
3
https://github.com/ethereum/eth-abi
2
https://github.com/openstack/magnum
2
https://github.com/mirumee/saleor
2
https://github.com/petl-developers/petl
2
https://github.com/executablebooks/markdown-it-py
2
https://github.com/pytest-dev/py
2
https://github.com/piccolo-orm/piccolo
2
https://github.com/eventlet/eventlet
2
https://github.com/MirahezeBots/sopel-channelmgnt
2
https://github.com/embedchain/embedchain
2
https://github.com/python-imaging/Pillow
2
https://github.com/python-ldap/python-ldap
2
https://github.com/facebookresearch/ParlAI
2
https://github.com/python-poetry/poetry
2
https://github.com/clinical-genomics/scout
2
https://github.com/DIRACGrid/DIRAC
2
https://github.com/encode/uvicorn
2
https://github.com/pretalx/pretalx
2
https://github.com/django-wiki/django-wiki
2
https://github.com/protocolbuffers/protobuf
2
https://github.com/mongodb/mongo-python-driver
2
https://github.com/OpenZeppelin/cairo-contracts
2
https://github.com/dask/distributed
2
https://github.com/DataDog/guarddog
2
https://github.com/moggers87/django-sendfile2
2
https://github.com/openstack/tripleo-heat-templates
2
https://github.com/Netflix/lemur
2
https://github.com/cure53/DOMPurify
2
https://github.com/plone/Products.ATContentTypes
2
https://github.com/pyinstaller/pyinstaller
2
https://github.com/corydolphin/flask-cors
2
https://github.com/plone/plone.restapi
2
https://github.com/openstack/barbican
2
https://github.com/dbt-labs/dbt-core
2
https://github.com/FreeTAKTeam/FreeTakServer
2
https://github.com/geopython/OWSLib
2
https://github.com/openstack/ossa
2
https://github.com/FreeOpcUa/opcua-asyncio
2
https://github.com/nexB/scancode.io
2
https://github.com/devsnd/cherrymusic
2
https://github.com/NVIDIA/NeMo
2
https://github.com/Legrandin/pycryptodome
2
https://github.com/stchris/untangle
2
https://github.com/warner/python-ecdsa
2
https://github.com/starkbank/ecdsa-python
2
https://github.com/aws/aws-encryption-sdk-cli
2
https://github.com/snowflakedb/snowflake-connector-python
2
https://github.com/jupyterhub/jupyter-server-proxy
2
https://github.com/aws/sagemaker-python-sdk
2
https://github.com/simplegeo/python-oauth2
2
https://github.com/httpie/httpie
2