pypi
745,489 packages · pypi.org
Security Advisories in pypi
Moderate · about 7 hours ago · Apache Airflow `/api/v2/dagReports` executes DAG Python in API · pypi · apache-airflow
Moderate · about 7 hours ago · Apache Airflow has a command injection vulnerability in "example_dag_decorator" · pypi · apache-airflow
Moderate · about 7 hours ago · Apache Airflow's create action can upsert existing Pools/Connections/Variables · pypi · apache-airflow
High · about 21 hours ago · LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore · pypi · langgraph-checkpoint-sqlite
Moderate · about 22 hours ago · OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability · pypi · usd-core
Moderate · 1 day ago · FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name · pypi · fastmcp
Moderate · 1 day ago · Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery · pypi · keras
High · 2 days ago · Starlette vulnerable to O(n^2) DoS via Range header merging in `starlette.responses.FileResponse` · pypi · starlette
High · 3 days ago · pg8000 SQL injection vulnerability via a specially crafted Python list input · pypi · pg8000
High · 5 days ago · LangGraph's SQLite store implementation has a SQL Injection Vulnerability · pypi · langgraph-checkpoint-sqlite
Moderate · 8 days ago · pypdf possibly loops infinitely when reading DCT inline images without EOF marker · pypi · pypdf
High · 8 days ago · aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server · pypi · aiomysql
Moderate · 8 days ago · Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization · pypi · scapy
Moderate · 8 days ago · Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function · pypi · smolagents
Moderate · 9 days ago · Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL · pypi · nautobot-ssot
Moderate · 10 days ago · Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description · pypi · taguette
Critical · 13 days ago · pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer · pypi · pyquokka
Moderate · 14 days ago · Mammoth is vulnerable to Directory Traversal · nuget, pypi, maven, npm · Mammoth, mammoth, org.zwobble.mammoth:mammoth
High · 16 days ago · Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name · pypi · homeassistant
Moderate · 20 days ago · python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination · pypi · python-ldap
Moderate · 20 days ago · python-ldap has sanitization bypass in ldap.filter.escape_filter_chars · pypi · python-ldap
High · 20 days ago · Authlib is vulnerable to Denial of Service via Oversized JOSE Segments · pypi · authlib
Critical · 21 days ago · BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE · pypi · bbot
Moderate · 21 days ago · BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver · pypi · bbot
Critical · 21 days ago · BBOT's various issues in unarchive.py can cause arbitrary file write and RCE · pypi · bbot
Moderate · 21 days ago · Python Social Auth - Django has unsafe account association · pypi · social-auth-app-django
High · 21 days ago · pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters · pypi · pyload-ng
Moderate · 22 days ago · Synapse's invalid device keys degrade federation functionality · pypi · matrix-synapse
High · 23 days ago · vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class · pypi · vllm
High · 23 days ago · LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities · pypi · llamafactory
Moderate · 23 days ago · vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server · pypi · vllm
Moderate · 23 days ago · python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments · pypi · python-socketio
High · 24 days ago · Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion · pypi · litestar
High · 24 days ago · LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing · pypi · langchain-text-splitters
Moderate · 25 days ago · clearml is vulnerable to Path Traversal through its `safe_extract` function · pypi · clearml
Moderate · 25 days ago · ZenML is vulnerable to Path Traversal through its `PathMaterializer` class · pypi · zenml
Low · 28 days ago · DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables · pypi · datachain
Moderate · 29 days ago · SPDK is vulnerable to buffer overflow in the NVMe-oF target component · pypi · spdk
Critical · 29 days ago · Apache Pyfory python is vulnerable to deserialization of untrusted data · pypi · pyfury, pyfory
Moderate · about 1 month ago · mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders · pypi · mkdocs-include-markdown-plugin
Low · about 1 month ago · JupyterLab LaTeX typesetter links did not enforce `noopener` attribute · pypi · jupyterlab
Moderate · about 1 month ago · Apache Airflow: Connection sensitive details exposed to users with READ permissions · pypi · apache-airflow
Moderate · about 1 month ago · Llama Stack could potentially allow for remote code execution · pypi · llama-stack
Moderate · about 1 month ago · pip's fallback tar extraction doesn't check symbolic links point to extraction directory · pypi · pip
Moderate · about 1 month ago · Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer · pypi · transformers
Critical · about 1 month ago · H2O affected by a deserialization vulnerability · pypi, maven · h2o, ai.h2o:h2o-core
High · about 1 month ago · Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass) · pypi · authlib
Critical · about 2 months ago · mcp-kubernetes-server has an OS Command Injection vulnerability · pypi · mcp-kubernetes-server
Moderate · about 2 months ago · mcp-kubernetes-server has a Command Injection vulnerability · pypi · mcp-kubernetes-server
Moderate · about 2 months ago · Hugging Face Transformers library has Regular Expression Denial of Service · pypi · transformers
Moderate · about 2 months ago · Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer · pypi · transformers
High · about 2 months ago · Neo4j Cypher MCP server is vulnerable to DNS rebinding · pypi · mcp-neo4j-cypher
Moderate · about 2 months ago · Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods · pypi · flask-appbuilder
Moderate · about 2 months ago · Infrahub: Deleted and expired API tokens can still authenticate · pypi · infrahub-server
High · about 2 months ago · xml2rfc is vulnerable to arbitrary file reads through prepped files · pypi · xml2rfc
Moderate · about 2 months ago · Indico vulnerable to Cross-Site Scripting via LaTeX math code · pypi · indico
Moderate · about 2 months ago · Indico may disclose unauthorized user details access via legacy API · pypi · indico
Critical · about 2 months ago · Picklescan Bypass is Possible via File Extension Mismatch · pypi · picklescan
Critical · about 2 months ago · Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check · pypi · picklescan
Critical · about 2 months ago · Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports · pypi · picklescan
Moderate · about 2 months ago · SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor · pypi · sglang
High · about 2 months ago · MONAI does not prevent path traversal, potentially leading to arbitrary file writes · pypi · monai
High · about 2 months ago · OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload · pypi · octoprint
Moderate · about 2 months ago · copyparty: Sharing a single file does not fully restrict access to other files in source folder · pypi · copyparty
High · about 2 months ago · Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation · pypi · ethyca-fides
Moderate · about 2 months ago · Fides Webserver API Rate Limiting Vulnerability in Proxied Environments · pypi · ethyca-fides
Low · about 2 months ago · Fides has a Lack of Brute-Force Protections on Authentication Endpoints · pypi · ethyca-fides
Low · about 2 months ago · Fides' Admin UI User Password Change Does Not Invalidate Current Session · pypi · ethyca-fides