pypi
753,157 packages · pypi.org
Security Advisories in pypi
Critical
about 1 hour ago
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
pypi
joserfc
High
5 days ago
AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance
pypi
aws_advanced_python_wrapper
Critical
5 days ago
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode
pypi
pgadmin4
High
5 days ago
pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification
pypi
pgadmin4
High
6 days ago
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU)
pypi
bugsink
High
6 days ago
Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input
pypi
bugsink
High
11 days ago
Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc
pypi
pdfminer.six
Moderate
11 days ago
AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64
pypi
AstrBot
High
11 days ago
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
pypi, npm
open-webui
High
11 days ago
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
pypi, npm
open-webui
High
13 days ago
LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
pypi
langgraph-checkpoint
Low
13 days ago
Weblate leaks the IP of project member inviting user to be reviewer in Audit log
pypi
weblate
Critical
13 days ago
Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
pypi
django
High
13 days ago
Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows
pypi
django
Moderate
13 days ago
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
pypi
doris-mcp-server
Moderate
14 days ago
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
pypi
octoprint
High
14 days ago
Dosage vulnerable to a Directory Traversal through crafted HTTP responses
pypi
dosage
Moderate
18 days ago
cryptidy allows code execution via untrusted data due to pickle.loads
pypi
cryptidy
High
19 days ago
Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation
pypi
brotli
Moderate
19 days ago
Apache Airflow's create action can upsert existing Pools/Connections/Variables
pypi
apache-airflow
Moderate
19 days ago
Apache Airflow `/api/v2/dagReports` executes DAG Python in API
pypi
apache-airflow
Moderate
19 days ago
Apache Airflow has a command injection vulnerability in "example_dag_decorator"
pypi
apache-airflow
High
20 days ago
LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore
pypi
langgraph-checkpoint-sqlite
Moderate
20 days ago
OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability
pypi
usd-core
High
20 days ago
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability
pypi
mlflow
Moderate
20 days ago
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
pypi
fastmcp
Moderate
20 days ago
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
pypi
keras
High
21 days ago
Starlette vulnerable to O(n^2) DoS via Range header merging in `starlette.responses.FileResponse`
pypi
starlette
High
22 days ago
pg8000 SQL injection vulnerability via a specially crafted Python list input
pypi
pg8000
High
24 days ago
LangGraph's SQLite store implementation has a SQL Injection Vulnerability
pypi
langgraph-checkpoint-sqlite
Moderate
27 days ago
pypdf possibly loops infinitely when reading DCT inline images without EOF marker
pypi
pypdf
High
27 days ago
aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server
pypi
aiomysql
Moderate
27 days ago
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
pypi
scapy
Moderate
27 days ago
Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function
pypi
smolagents
Moderate
28 days ago
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
pypi
nautobot-ssot
Moderate
29 days ago
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
pypi
taguette
Critical
about 1 month ago
Keras framework vulnerable to deserialization of untrusted data
pypi
keras
Critical
about 1 month ago
pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer
pypi
pyquokka
Moderate
about 1 month ago
Mammoth is vulnerable to Directory Traversal
nuget, pypi, maven, npm
Mammoth, mammoth, org.zwobble.mammoth:mammoth
High
about 1 month ago
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name
pypi
homeassistant
Moderate
about 1 month ago
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
pypi
python-ldap
Moderate
about 1 month ago
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
pypi
python-ldap
High
about 1 month ago
Authlib is vulnerable to Denial of Service via Oversized JOSE Segments
pypi
authlib
Critical
about 1 month ago
BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE
pypi
bbot
Moderate
about 1 month ago
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
pypi
bbot
Critical
about 1 month ago
BBOT's various issues in unarchive.py can cause arbitrary file write and RCE
pypi
bbot
Moderate
about 1 month ago
Python Social Auth - Django has unsafe account association
pypi
social-auth-app-django
High
about 1 month ago
pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters
pypi
pyload-ng
Critical
about 1 month ago
scio is vulnerable to Remote Command Execution through PyTorch
pypi
scio-pypi
Moderate
about 1 month ago
Synapse's invalid device keys degrade federation functionality
pypi
matrix-synapse
High
about 1 month ago
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
pypi
vllm
High
about 1 month ago
LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
pypi
llamafactory
Moderate
about 1 month ago
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
pypi
vllm
Moderate
about 1 month ago
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
pypi
python-socketio
High
about 1 month ago
Litestar X-Forwarded-For Header Spoofing Vulnerability Enables Rate Limit Evasion
pypi
litestar
High
about 1 month ago
LangChain Text Splitters is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing
pypi
langchain-text-splitters
Moderate
about 1 month ago
clearml is vulnerable to Path Traversal through its `safe_extract` function
pypi
clearml
Moderate
about 1 month ago
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
pypi
zenml
Low
about 2 months ago
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables
pypi
datachain
Moderate
about 2 months ago
SPDK is vulnerable to buffer overflow in the NVMe-oF target component
pypi
spdk
Critical
about 2 months ago
Apache Pyfory python is vulnerable to deserialization of untrusted data
pypi
pyfury, pyfory
Moderate
about 2 months ago
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
pypi
mkdocs-include-markdown-plugin
Low
about 2 months ago
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
pypi
jupyterlab
Moderate
about 2 months ago
Apache Airflow: Connection sensitive details exposed to users with READ permissions
pypi
apache-airflow