
pypi
734,614 packages · pypi.org
Security Advisories in pypi
Moderate
about 6 hours ago
SPDK is vulnerable to buffer overflow in the NVMe-oF target component
pypi
spdk
Critical
about 9 hours ago
Apache Pyfory python is vulnerable to deserialization of untrusted data
pypi
pyfury, pyfory
Moderate
2 days ago
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
pypi
mkdocs-include-markdown-plugin
Low
5 days ago
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
pypi
jupyterlab
Moderate
6 days ago
Apache Airflow: Connection sensitive details exposed to users with READ permissions
pypi
apache-airflow
Moderate
7 days ago
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
pypi
pip
Moderate
8 days ago
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer
pypi
transformers
Critical
9 days ago
H2O affected by a deserialization vulnerability
pypi, maven
h2o, ai.h2o:h2o-core
High
9 days ago
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
pypi
authlib
Critical
16 days ago
mcp-kubernetes-server has an OS Command Injection vulnerability
pypi
mcp-kubernetes-server
Moderate
16 days ago
mcp-kubernetes-server has a Command Injection vulnerability
pypi
mcp-kubernetes-server
Moderate
17 days ago
Hugging Face Transformers library has Regular Expression Denial of Service
pypi
transformers
Moderate
19 days ago
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
pypi
transformers
Moderate
20 days ago
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
pypi
flask-appbuilder
Moderate
21 days ago
Infrahub: Deleted and expired API tokens can still authenticate
pypi
infrahub-server
Moderate
21 days ago
Indico may disclose unauthorized user details access via legacy API
pypi
indico
Critical
21 days ago
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
pypi
picklescan
Critical
21 days ago
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
pypi
picklescan
High
22 days ago
MONAI does not prevent path traversal, potentially leading to arbitrary file writes
pypi
monai
High
22 days ago
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
pypi
octoprint
Moderate
22 days ago
copyparty: Sharing a single file does not fully restrict access to other files in source folder
pypi
copyparty
High
23 days ago
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
pypi
ethyca-fides
Moderate
23 days ago
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
pypi
ethyca-fides
Low
23 days ago
Fides has a Lack of Brute-Force Protections on Authentication Endpoints
pypi
ethyca-fides
Low
23 days ago
Fides' Admin UI User Password Change Does Not Invalidate Current Session
pypi
ethyca-fides
Critical
26 days ago
internetarchive Vulnerable to Directory Traversal in File.download()
pypi
internetarchive
High
26 days ago
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
pypi
pgadmin4
Critical
27 days ago
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution
pypi
usd-core
High
27 days ago
Langchain Community Vulnerable to XML External Entity (XXE) Attacks
pypi
langchain-community
Critical
28 days ago
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
pypi
deepdiff
Low
29 days ago
MobSF Path Traversal in GET /download/<filename> using absolute filenames
pypi
mobsf
Moderate
29 days ago
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
pypi
mobsf
High
29 days ago
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
pypi
esphome
Moderate
29 days ago
Local Deep Research's API keys are stored in plain text
pypi
local-deep-research
Moderate
about 1 month ago
Eventlet affected by HTTP request smuggling in unparsed trailers
pypi
eventlet
Low
about 1 month ago
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
pypi
Exiv2
Low
about 1 month ago
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
pypi
Exiv2
Moderate
about 1 month ago
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
pypi
picklescan
Moderate
about 1 month ago
Picklescan is missing detection when calling built-in python cProfile.run
pypi
picklescan
Moderate
about 1 month ago
Picklescan is missing detection when calling built-in python cProfile.runctx
pypi
picklescan
Moderate
about 1 month ago
Picklescan is missing detection when calling built-in python doctest.debug_script
pypi
picklescan
Moderate
about 1 month ago
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
pypi
picklescan
Moderate
about 1 month ago
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
pypi
picklescan
Moderate
about 1 month ago
Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
pypi
picklescan
Moderate
about 1 month ago
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
pypi
picklescan
Moderate
about 1 month ago
Picklescan is missing detection when calling built-in python ensurepip._run_pip
pypi
picklescan
Moderate
about 1 month ago
Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python profile.Profile.runctx
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python profile.Profile.run
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python trace.Trace.runctx
pypi
picklescan
Moderate
about 1 month ago
Picklescan has a missing detection when calling built-in python trace.Trace.run
pypi
picklescan
High
about 1 month ago
LlamaIndex affected by a Denial of Service (DOS) in JSONReader
pypi
llama-index-core
Moderate
about 1 month ago
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency
pypi
mitmproxy
Moderate
about 1 month ago
h2 allows HTTP Request Smuggling due to illegal characters in headers
pypi
h2
High
about 1 month ago
XGrammar affected by Denial of Service by infinite recursion grammars
pypi
xgrammar
High
about 1 month ago
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)
pypi
langflow-base, langflow
Moderate
about 1 month ago
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
pypi
picklescan
Moderate
about 1 month ago
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
pypi
picklescan
Moderate
about 1 month ago
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
pypi
picklescan
Moderate
about 1 month ago
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
pypi
picklescan
Moderate
about 1 month ago
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
pypi
picklescan
Moderate
about 1 month ago
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
pypi
picklescan
Moderate
about 1 month ago
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
pypi
picklescan
High
about 1 month ago
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
pypi
pyload-ng
High
about 1 month ago
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
pypi
vllm
Moderate
about 1 month ago
Copier's safe template has filesystem write access outside destination path
pypi
copier
High
about 1 month ago
Copier's safe template has arbitrary filesystem read/write access
pypi
copier
High
about 2 months ago
Python-Future Module Arbitrary Code Execution via Unintended Import of test.py
pypi
future
Moderate
about 2 months ago
Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions
pypi
apache-superset
Moderate
about 2 months ago
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
pypi
apache-superset
Filter by Package
tensorflow
430
tensorflow-cpu
413
tensorflow-gpu
400
Django
106
apache-airflow
86
Plone
70
salt
65
ansible
63
apache-superset
61
mlflow
53
nova
48
vyper
44
gradio
44
rdiffweb
42
matrix-synapse
42
picklescan
39
moin
35
keystone
32
opencv-contrib-python
31
opencv-python
31
plone
28
pillow
28
Pillow
28
django
27
open-webui
25
vllm
25
pyload-ng
23
glance
21
ethyca-fides
20
aim
20
transformers
19
neutron
19
mindsdb
18
cobbler
18
langchain
18
mercurial
18
calibreweb
17
OctoPrint
17
cryptography
17
notebook
17
PaddlePaddle
16
lollms
16
paddlepaddle
16
aiohttp
15
h2o
15
mobsf
14
litellm
14
modoboa
14
urllib3
14
vantage6
14
pyftpdlib
14
zenml
13
roundup
13
sentry
12
pgadmin4
12
wagtail
12
swift
12
twisted
12
nautobot
12
waitress
11
horizon
11
ai.h2o:h2o-core
11
label-studio
11
onionshare-cli
11
trytond
10
opencv-python-headless
10
Flask-AppBuilder
10
cinder
9
agentscope
9
lief
9
kiwitcms
9
ryu
9
ckan
9
python-keystoneclient
9
zope
9
opencv-contrib-python-headless
9
changedetection.io
8
aubio
8
llama-index
8
tornado
8
Zope2
8
trac
8
Zope
8
numpy
8
ipython
8
llama-index-core
8
copyparty
8
bentoml
8
dbgpt
8
indico
8
pip
8
pysaml2
7
web2py
7
scrapy
7
requests
7
matrix-sydent
7
jupyter-server
7
codechecker
7
executorch
7
inventree
7
whoogle-search
6
dtale
6
Moin
6
torch
6
keras
6
graphite-web
6
Mezzanine
6
mage-ai
6
apache-airflow-providers-apache-hive
6
ansible-core
6
Jinja2
6
OpenEXR
6
snowflake-connector-python
6
langflow
6
tuf
6
torchserve
6
mailman
6
lxml
6
pyspark
6
omero-web
6
yt-dlp
6
ray
5
jupyterhub
5
python-gnupg
5
mayan-edms
5
keylime
5
saleor
5
oauthenticator
5
feedparser
5
jupyterlab
5
Weblate
5
bleach
5
lmdb
5
werkzeug
5
pretix
5
langchain-community
5
composio-core
5
Werkzeug
5
esphome
5
fschat
5
grpcio
5
mitmproxy
5
onnx
5
ait-core
5
grpc
5
langchain-experimental
5
nltk
5
indy-node
4
Pygments
4
weblate
4
qutebrowser
4
buildbot
4
starlette
4
InvokeAI
4
RestrictedPython
4
pywasm3
4
FreeTAKServer-UI
4
PyPDF2
4
jinja2
4
jwcrypto
4
flask-cors
4
Nova
4
tripleo-heat-templates
4
bottle
4
koji
4
MaterialX
4
GitPython
4
reportlab
4
Scrapy
4
Radicale
4
frappe
4
Flask-Security-Too
4
apache-iotdb
4
xml2rfc
4
markdown2
4
skops
4
flask-appbuilder
4
streamlit
4
pytorch-lightning
4
django-helpdesk
4
homeassistant
4
paramiko
4
setuptools
4
barbican
4
pandasai
4
nvflare
4
dbt-core
4
flask
4
httpie
4
bitlyshortener
3
micropython-io
3
sickrage
3
backend.ai
3
ms-swift
3
zope2
3
ujson
3
Products.PluggableAuthService
3
Exiv2
3
quokka
3
scikit-learn
3
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/django/django
117
https://github.com/apache/airflow
104
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/vyperlang/vyper
44
https://github.com/ikus060/rdiffweb
42
https://github.com/saltstack/salt
42
https://github.com/mmaitre314/picklescan
39
https://github.com/gradio-app/gradio
38
https://github.com/openstack/nova
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
35
https://github.com/opencv/opencv
32
https://github.com/matrix-org/synapse
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/openstack/keystone
28
https://github.com/langchain-ai/langchain
24
https://github.com/run-llama/llama_index
23
https://github.com/pyload/pyload
23
https://github.com/vllm-project/vllm
22
https://github.com/ethyca/fides
20
https://github.com/huggingface/transformers
19
https://github.com/mindsdb/mindsdb
17
https://github.com/vantage6/vantage6
17
https://github.com/pyca/cryptography
16
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/cobbler/cobbler
15
https://github.com/aio-libs/aiohttp
15
https://github.com/urllib3/urllib3
14
https://github.com/janeczku/calibre-web
14
https://github.com/apache/superset
14
https://github.com/twisted/twisted
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/modoboa/modoboa
13
https://github.com/OctoPrint/OctoPrint
12
https://github.com/h2oai/h2o-3
12
https://github.com/getsentry/sentry
12
https://github.com/zenml-io/zenml
12
https://github.com/wagtail/wagtail
12
https://github.com/openstack/glance
12
https://github.com/nautobot/nautobot
12
https://github.com/scrapy/scrapy
11
https://github.com/onionshare/onionshare
11
https://github.com/Pylons/waitress
11
https://github.com/parisneo/lollms
11
https://github.com/HumanSignal/label-studio
10
https://github.com/jupyter/notebook
10
https://github.com/BerriAI/litellm
9
https://github.com/open-webui/open-webui
9
https://github.com/lief-project/LIEF
9
https://github.com/giampaolo/pyftpdlib
9
https://github.com/zopefoundation/Zope
9
https://github.com/aimhubio/aim
9
https://github.com/faucetsdn/ryu
9
https://github.com/openstack/horizon
9
https://github.com/WeblateOrg/weblate
9
https://github.com/numpy/numpy
8
https://github.com/openstack/neutron
8
https://github.com/element-hq/synapse
8
https://github.com/kiwitcms/Kiwi
8
https://github.com/ipython/ipython
8
https://github.com/9001/copyparty
8
https://github.com/dgtlmoon/changedetection.io
8
https://github.com/pallets/werkzeug
8
https://github.com/ckan/ckan
8
https://github.com/octoprint/octoprint
8
https://github.com/tornadoweb/tornado
8
https://github.com/openstack/swift
7
https://github.com/pytorch/executorch
7
https://github.com/Ericsson/codechecker
7
https://github.com/pypa/pip
7
https://github.com/openstack/cinder
7
https://github.com/jupyter-server/jupyter_server
7
https://github.com/aubio/aubio
7
https://github.com/indico/indico
7
https://sourceforge.net/projects/sourceforge.net
7
https://github.com/pallets/jinja
7
https://github.com/pytorch/pytorch
7
https://github.com/lxml/lxml
6
https://github.com/modelscope/agentscope
6
https://github.com/man-group/dtale
6
https://github.com/matrix-org/sydent
6
https://github.com/roundup-tracker/roundup
6
https://github.com/keras-team/keras
6
https://github.com/psf/requests
6
https://github.com/yt-dlp/yt-dlp
6
https://github.com/graphite-project/graphite-web
6
https://github.com/benbusby/whoogle-search
6
https://github.com/corydolphin/flask-cors
6
https://github.com/jupyterlab/jupyterlab
6
https://github.com/keylime/keylime
6
https://github.com/snowflakedb/snowflake-connector-python
6
https://github.com/mitmproxy/mitmproxy
5
https://github.com/pytorch/serve
5
https://github.com/inventree/InvenTree
5
https://github.com/gitpython-developers/GitPython
5
https://github.com/py-pdf/pypdf
5
https://github.com/tryton/trytond
5
https://github.com/esphome/esphome
5
https://github.com/encode/starlette
5
https://github.com/ComposioHQ/composio
5
https://github.com/onnx/onnx
5
https://github.com/bentoml/BentoML
5
https://github.com/ray-project/ray
5
https://github.com/Exiv2/exiv2
5
https://github.com/hwchase17/langchain
5
https://github.com/TeamSeri0us/pocs
5
https://github.com/mozilla/bleach
5
https://github.com/jupyterhub/oauthenticator
5
https://github.com/ome/omero-web
5
https://github.com/hyperledger/indy-node
4
https://github.com/wasm3/wasm3
4
https://github.com/pallets/flask
4
https://github.com/eosphoros-ai/DB-GPT
4
https://github.com/frappe/frappe
4
https://github.com/bottlepy/bottle
4
https://github.com/qutebrowser/qutebrowser
4
https://github.com/home-assistant/core
4
https://github.com/berriai/litellm
4
https://github.com/NVIDIA/NVFlare
4
https://github.com/mlc-ai/xgrammar
4
https://github.com/grpc/grpc
4
https://github.com/nltk/nltk
4
https://github.com/ietf-tools/xml2rfc
4
https://github.com/pypa/setuptools
4
https://github.com/AcademySoftwareFoundation/MaterialX
4
https://github.com/jupyterhub/jupyterhub
4
https://github.com/ronf/asyncssh
4
https://github.com/web2py/web2py
4
https://github.com/rohe/pysaml2
4
https://github.com/django-helpdesk/django-helpdesk
4
https://github.com/streamlit/streamlit
4
https://github.com/langflow-ai/langflow
4
https://github.com/pretix/pretix
4
https://github.com/AcademySoftwareFoundation/openexr
4
https://github.com/saleor/saleor
4
https://github.com/latchset/jwcrypto
4
https://github.com/Kozea/Radicale
4
https://github.com/FreeTAKTeam/UI
4
https://github.com/dbt-labs/dbt-core
4
https://github.com/jhpyle/docassemble
4
https://github.com/Cog-Creators/Red-DiscordBot
4
https://github.com/zopefoundation/RestrictedPython
4
https://github.com/andialbrecht/sqlparse
3
https://github.com/djblets/djblets
3
https://github.com/benoitc/gunicorn
3
https://github.com/certifi/python-certifi
3
https://github.com/furlongm/openvpn-monitor
3
https://github.com/pygments/pygments
3
https://github.com/Kludex/python-multipart
3
https://github.com/moinwiki/moin-1.9
3
https://github.com/aws/sagemaker-python-sdk
3
https://github.com/theupdateframework/tuf
3
https://github.com/skops-dev/skops
3
https://github.com/sosreport/sos
3
https://github.com/litestar-org/litestar
3
https://github.com/sqlalchemy/sqlalchemy
3
https://github.com/gventuri/pandas-ai
3
https://github.com/beancount/fava
3
https://github.com/modelscope/ms-swift
3
https://github.com/geyang/ml-logger
3
https://github.com/python/cpython
3
https://github.com/rochacbruno/quokka
3
https://github.com/dlitz/pycrypto
3
https://github.com/aws/aws-sam-cli
3
https://github.com/paramiko/paramiko
3
https://github.com/micropython/micropython
3
https://github.com/poezio/slixmpp
3
https://github.com/langroid/langroid
3
https://github.com/openstack/octavia
3
https://github.com/eventlet/eventlet
3
https://github.com/lepture/mistune
3
https://github.com/pyca/pyopenssl
3
https://github.com/Flask-Middleware/flask-security
3
https://github.com/IdentityPython/pysaml2
3
https://github.com/impredicative/bitlyshortener
3
https://github.com/pyinstaller/pyinstaller
3
https://github.com/openstack/ironic
3
https://github.com/ankitects/anki
3
https://github.com/adamghill/django-unicorn
3
https://github.com/GeoNode/geonode
3
https://github.com/jupyterhub/jupyter-server-proxy
3
https://github.com/simonw/datasette
3
https://github.com/openstack/python-keystoneclient
3
https://github.com/DavidOsipov/PostQuantum-Feldman-VSS
3
https://github.com/yaml/pyyaml
3
https://github.com/aws/aws-iot-device-sdk-java-v2
3
https://github.com/bytecodealliance/wasmtime
3
https://github.com/hiyouga/LLaMA-Factory
3
https://github.com/stephenmcd/mezzanine
3
https://github.com/NASA-AMMOS/AIT-Core
3
https://sourceforge.net/projects/roject
3
https://github.com/theupdateframework/python-tuf
3
https://github.com/invoke-ai/InvokeAI
3
https://github.com/trentm/python-markdown2
3
https://github.com/Project-MONAI/MONAI
3
https://gitlab.com/mayan-edms/mayan-edms
3