pypi
774,315 packages · pypi.org
Security Advisories in pypi
Moderate
about 15 hours ago
Bokeh server applications have Incomplete Origin Validation in WebSockets
pypi
bokeh
Moderate
about 15 hours ago
MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download
pypi
monai
Low
1 day ago
AIOHTTP vulnerable to brute-force leak of internal static file path components
pypi
aiohttp
Low
1 day ago
AIOHTTP's unicode processing of header values could cause parsing discrepancies
pypi
aiohttp
Low
1 day ago
badkeys vulnerable to ASCII control character injection on console via malformed input
pypi
badkeys
High
4 days ago
Langflow Missing Authentication on Critical API Endpoints
pypi
langflow, langflow-base
Moderate
7 days ago
libsodium has Incomplete List of Disallowed Inputs
pypi, packagist
hdwallet, PyNaCl, paragonie/sodium_compat
High
8 days ago
Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter
pypi
picklescan
High
8 days ago
Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.methodcaller
pypi
picklescan
Moderate
8 days ago
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length
pypi
picklescan
High
8 days ago
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.getlincoef
pypi
picklescan
Moderate
8 days ago
Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval
pypi
picklescan
High
9 days ago
Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval
pypi
picklescan
High
9 days ago
Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller
pypi
picklescan
High
9 days ago
Picklescan missing detection when calling numpy.f2py.crackfortran.getlincoef
pypi
picklescan
High
12 days ago
lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
pypi
lmdeploy
Critical
15 days ago
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
pypi
langchain-core
Moderate
15 days ago
Home Assistant Core before is vulnerable to Directory Traversal
pypi
homeassistant
Moderate
15 days ago
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service
pypi
local-deep-research
Moderate
18 days ago
Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification
pypi
cowrie
Moderate
18 days ago
FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
pypi
fastapi-users
Low
19 days ago
pretix has Broken Access Control Allowing Cross-User File Access via UUID
pypi
pretix
Low
19 days ago
pretix has Broken Access Control Allowing Cross-User File Access via UUID
pypi
pretix
Moderate
19 days ago
FastAPI SSP is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation
pypi
fastapi-sso
High
19 days ago
nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows
pypi
nbconvert
Moderate
20 days ago
Biopython is vulnerable to doctype XML external entity (XXE) injection through Bio.Entrez
pypi
biopython
Moderate
20 days ago
mcp-server-git has missing path validation when using --repository flag
pypi
mcp-server-git
Moderate
20 days ago
mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
pypi
mcp-server-git
Moderate
21 days ago
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
pypi
mcp-server-git
Critical
21 days ago
Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
pypi
apache-airflow-providers-edge3
Moderate
21 days ago
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
pypi
filelock
Low
21 days ago
PyMdown Extensions has a ReDOS bug in its Figure Capture extension
pypi
pymdown-extensions
Moderate
22 days ago
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
hex, pypi, rubygems, maven, go, packagist, npm
altcha, org.altcha:altcha, github.com/altcha-org/altcha-lib-go, altcha-org/altcha, altcha-lib
High
22 days ago
Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
pypi
fickling
Moderate
22 days ago
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
pypi
Weblate
Moderate
22 days ago
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
pypi
Weblate
Moderate
23 days ago
django-allauth's Okta and NetIQ implementations used a mutable identifier for authorization decisions
pypi
django-allauth
Moderate
23 days ago
django-allauth does not reject access tokens for inactive users
pypi
django-allauth
Moderate
23 days ago
Apache Airflow exposes secret values to authenticated UI users via rendered templates
pypi
apache-airflow
High
28 days ago
LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method
pypi
langgraph-checkpoint-sqlite
Critical
28 days ago
Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
pypi
cai-framework
High
29 days ago
NiceGUI has a path traversal in app.add_media_files() allows arbitrary file read
pypi
nicegui
Moderate
29 days ago
NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
pypi
nicegui
Moderate
29 days ago
NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
pypi
nicegui
High
about 1 month ago
urllib3 allows an unbounded number of links in the decompression chain
pypi
urllib3
High
about 1 month ago
Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web
pypi
open-webui
Moderate
about 1 month ago
Ansible Community General Collection is vulnerable to exposure of sensitive information
pypi
ansible
Critical
about 1 month ago
assyncmy is vulnerable to SQL injection via crafted dict keys
pypi
asyncmy
Moderate
about 1 month ago
Django is vulnerable to DoS via XML serializer text extraction
pypi
Django
Moderate
about 1 month ago
arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints
pypi
arcade-mcp-server
High
about 1 month ago
vLLM vulnerable to remote code execution via transformers_utils/get_config
pypi
vllm
High
about 1 month ago
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
pypi
mcp
Low
about 1 month ago
Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation
pypi
calibreweb
Moderate
about 1 month ago
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
pypi
fonttools
Moderate
about 1 month ago
trytond allows remote attackers to obtain sensitive trace-back (server setup) information
pypi
trytond
High
about 1 month ago
trytond does not enforce access rights for the route of the HTML editor.
pypi
trytond
Moderate
about 1 month ago
Peppol-py is vulnerable to XXE attacks due to Saxon configuration
pypi
peppol_py
Low
about 1 month ago
Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control
pypi
tutor
Moderate
about 1 month ago
OpenStack's Mistral Client has a local file inclusion vulnerability
pypi
python-mistralclient
Critical
about 1 month ago
Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack
pypi
ray
High
about 1 month ago
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
pypi
fugue
Low
about 1 month ago
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
pypi
omero-web
Filter by Severity
Filter by Package
tensorflow
433
tensorflow-cpu
410
tensorflow-gpu
396
Django
91
apache-airflow
90
ansible
65
salt
65
apache-superset
61
mlflow
55
Plone
54
picklescan
52
nova
48
django
48
vyper
44
gradio
44
matrix-synapse
43
rdiffweb
42
plone
41
moin
35
vllm
32
keystone
32
opencv-contrib-python
31
opencv-python
31
open-webui
29
pillow
28
Pillow
28
pyload-ng
24
aiohttp
23
glance
21
ethyca-fides
20
aim
20
langchain
19
neutron
19
transformers
19
mercurial
18
mindsdb
18
calibreweb
18
cobbler
18
cryptography
17
notebook
17
pgadmin4
17
OctoPrint
17
urllib3
16
PaddlePaddle
16
lollms
16
paddlepaddle
16
h2o
15
vantage6
14
modoboa
14
litellm
14
pyftpdlib
14
zenml
14
mobsf
14
roundup
13
trytond
13
sentry
12
wagtail
12
swift
12
nautobot
12
twisted
12
waitress
11
horizon
11
ckan
11
onionshare-cli
11
ai.h2o:h2o-core
11
label-studio
11
Weblate
10
opencv-python-headless
10
Flask-AppBuilder
10
agentscope
9
opencv-contrib-python-headless
9
ryu
9
zope
9
keras
9
llama-index
9
kiwitcms
9
langflow
9
lief
9
cinder
9
changedetection.io
9
numpy
8
Zope2
8
ipython
8
Zope
8
tornado
8
python-keystoneclient
8
aubio
8
bentoml
8
copyparty
8
indico
8
trac
8
pip
8
dbgpt
8
llama-index-core
8
requests
7
jupyter-server
7
executorch
7
codechecker
7
ray
7
matrix-sydent
7
scrapy
7
mayan-edms
7
inventree
7
pysaml2
7
web2py
7
pretix
7
OpenEXR
6
apache-airflow-providers-apache-hive
6
mage-ai
6
tuf
6
torch
6
Moin
6
homeassistant
6
snowflake-connector-python
6
lxml
6
whoogle-search
6
dtale
6
mailman
6
graphite-web
6
Mezzanine
6
werkzeug
6
torchserve
6
pypdf
6
keylime
6
omero-web
6
Jinja2
6
nicegui
6
ansible-core
6
yt-dlp
6
open-webui
5
jupyterhub
5
feedparser
5
grpc
5
Products.CMFPlone
5
saleor
5
onnx
5
nltk
5
ait-core
5
grpcio
5
mitmproxy
5
weblate
5
starlette
5
Werkzeug
5
python-gnupg
5
bleach
5
jupyterlab
5
langchain-experimental
5
oauthenticator
5
langchain-community
5
langchain-core
5
pyspark
5
esphome
5
composio-core
5
lmdb
5
fschat
5
flask
4
datasette
4
httpie
4
RestrictedPython
4
flask-appbuilder
4
frappe
4
motioneye
4
qutebrowser
4
monai
4
flask-cors
4
koji
4
streamlit
4
pytorch-lightning
4
jinja2
4
fastmcp
4
aws-iot-device-sdk-v2
4
barbican
4
InvokeAI
4
xml2rfc
4
GitPython
4
markdown2
4
Flask-Security-Too
4
MaterialX
4
awsiotsdk
4
authlib
4
Scrapy
4
indy-node
4
jwcrypto
4
pywasm3
4
reportlab
4
dbt-core
4
octoprint
4
buildbot
4
nvflare
4
Nova
4
pandasai
4
tripleo-heat-templates
4
Keystone
4
setuptools
4
llamafactory
4
paramiko
4
Pygments
4
bbot
4
FreeTAKServer-UI
4
Radicale
4
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/django/django
121
https://github.com/apache/airflow
105
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/vyperlang/vyper
44
https://github.com/saltstack/salt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/gradio-app/gradio
39
https://github.com/mmaitre314/picklescan
39
https://github.com/openstack/nova
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
36
https://github.com/matrix-org/synapse
32
https://github.com/opencv/opencv
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/openstack/keystone
28
https://github.com/vllm-project/vllm
25
https://github.com/langchain-ai/langchain
25
https://github.com/pyload/pyload
24
https://github.com/run-llama/llama_index
24
https://github.com/ethyca/fides
20
https://github.com/huggingface/transformers
19
https://github.com/vantage6/vantage6
17
https://github.com/mindsdb/mindsdb
17
https://github.com/pyca/cryptography
16
https://github.com/cobbler/cobbler
15
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/aio-libs/aiohttp
15
https://github.com/urllib3/urllib3
14
https://github.com/twisted/twisted
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/apache/superset
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/janeczku/calibre-web
14
https://github.com/h2oai/h2o-3
13
https://github.com/zenml-io/zenml
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/modoboa/modoboa
13
https://github.com/wagtail/wagtail
12
https://github.com/openstack/glance
12
https://github.com/getsentry/sentry
12
https://github.com/nautobot/nautobot
12
https://github.com/onionshare/onionshare
11
https://github.com/parisneo/lollms
11
https://github.com/scrapy/scrapy
11
https://github.com/open-webui/open-webui
11
https://github.com/Pylons/waitress
11
https://github.com/HumanSignal/label-studio
10
https://github.com/WeblateOrg/weblate
10
https://github.com/ckan/ckan
10
https://github.com/jupyter/notebook
10
https://github.com/zopefoundation/Zope
9
https://github.com/aimhubio/aim
9
https://github.com/BerriAI/litellm
9
https://github.com/openstack/horizon
9
https://github.com/element-hq/synapse
9
https://github.com/giampaolo/pyftpdlib
9
https://github.com/faucetsdn/ryu
9
https://github.com/lief-project/LIEF
9
https://github.com/ipython/ipython
8
https://github.com/tornadoweb/tornado
8
https://github.com/numpy/numpy
8
https://github.com/keras-team/keras
8
https://github.com/dgtlmoon/changedetection.io
8
https://github.com/pallets/werkzeug
8
https://github.com/kiwitcms/Kiwi
8
https://github.com/openstack/neutron
8
https://github.com/octoprint/octoprint
8
https://github.com/9001/copyparty
8
https://github.com/Ericsson/codechecker
7
https://github.com/pypa/pip
7
https://github.com/openstack/swift
7
https://github.com/jupyter-server/jupyter_server
7
https://github.com/py-pdf/pypdf
7
https://github.com/openstack/cinder
7
https://github.com/indico/indico
7
https://github.com/aubio/aubio
7
https://github.com/pytorch/executorch
7
https://github.com/pytorch/pytorch
7
https://github.com/pallets/jinja
7
https://sourceforge.net/projects/sourceforge.net
7
https://github.com/benbusby/whoogle-search
6
https://github.com/corydolphin/flask-cors
6
https://github.com/snowflakedb/snowflake-connector-python
6
https://github.com/man-group/dtale
6
https://github.com/graphite-project/graphite-web
6
https://github.com/keylime/keylime
6
https://github.com/matrix-org/sydent
6
https://github.com/roundup-tracker/roundup
6
https://github.com/yt-dlp/yt-dlp
6
https://github.com/modelscope/agentscope
6
https://github.com/jupyterlab/jupyterlab
6
https://github.com/lxml/lxml
6
https://github.com/psf/requests
6
https://github.com/mitmproxy/mitmproxy
5
https://github.com/onnx/onnx
5
https://github.com/TeamSeri0us/pocs
5
https://github.com/ComposioHQ/composio
5
https://github.com/tryton/trytond
5
https://github.com/esphome/esphome
5
https://github.com/pytorch/serve
5
https://github.com/bentoml/BentoML
5
https://github.com/encode/starlette
5
https://github.com/gitpython-developers/GitPython
5
https://github.com/Exiv2/exiv2
5
https://github.com/jupyterhub/oauthenticator
5
https://github.com/mozilla/bleach
5
https://github.com/ray-project/ray
5
https://github.com/home-assistant/core
5
https://github.com/ome/omero-web
5
https://github.com/inventree/InvenTree
5
https://github.com/hwchase17/langchain
5
https://github.com/NVIDIA/NVFlare
4
https://github.com/FreeTAKTeam/UI
4
https://github.com/zopefoundation/RestrictedPython
4
https://github.com/eosphoros-ai/DB-GPT
4
https://github.com/blacklanternsecurity/bbot
4
https://github.com/django-helpdesk/django-helpdesk
4
https://github.com/hiyouga/LLaMA-Factory
4
https://github.com/grpc/grpc
4
https://github.com/berriai/litellm
4
https://github.com/jhpyle/docassemble
4
https://github.com/ietf-tools/xml2rfc
4
https://github.com/Kozea/Radicale
4
https://github.com/dbt-labs/dbt-core
4
https://github.com/web2py/web2py
4
https://github.com/frappe/frappe
4
https://github.com/bottlepy/bottle
4
https://github.com/latchset/jwcrypto
4
https://github.com/hyperledger/indy-node
4
https://github.com/Cog-Creators/Red-DiscordBot
4
https://github.com/AcademySoftwareFoundation/openexr
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/qutebrowser/qutebrowser
4
https://github.com/saleor/saleor
4
https://github.com/langflow-ai/langflow
4
https://github.com/AcademySoftwareFoundation/MaterialX
4
https://github.com/pretix/pretix
4
https://github.com/litestar-org/litestar
4
https://github.com/mlc-ai/xgrammar
4
https://github.com/wasm3/wasm3
4
https://github.com/rohe/pysaml2
4
https://github.com/simonw/datasette
4
https://github.com/pallets/flask
4
https://github.com/ronf/asyncssh
4
https://github.com/jupyterhub/jupyterhub
4
https://github.com/streamlit/streamlit
4
https://github.com/nltk/nltk
4
https://github.com/python-ldap/python-ldap
4
https://github.com/pypa/setuptools
4
https://github.com/pyinstaller/pyinstaller
3
https://github.com/impredicative/bitlyshortener
3
https://github.com/IdentityPython/pysaml2
3
https://github.com/zauberzeug/nicegui
3
https://github.com/theupdateframework/tuf
3
https://github.com/Flask-Middleware/flask-security
3
https://github.com/adamghill/django-unicorn
3
https://github.com/NASA-AMMOS/AIT-Core
3
https://github.com/sqlalchemy/sqlalchemy
3
https://github.com/certifi/python-certifi
3
https://github.com/pygments/pygments
3
https://github.com/bytecodealliance/wasmtime
3
https://github.com/micropython/micropython
3
https://github.com/moinwiki/moin-1.9
3
https://github.com/stephenmcd/mezzanine
3
https://github.com/skops-dev/skops
3
https://github.com/aws/sagemaker-python-sdk
3
https://github.com/Gerapy/Gerapy
3
https://github.com/paramiko/paramiko
3
https://github.com/aws/aws-sam-cli
3
https://github.com/dlitz/pycrypto
3
https://github.com/pyca/pyopenssl
3
https://github.com/openstack/octavia
3
https://github.com/rochacbruno/quokka
3
https://github.com/poezio/slixmpp
3
https://github.com/openstack/ironic
3
https://github.com/chatchat-space/Langchain-Chatchat
3
https://github.com/modelscope/ms-swift
3
https://github.com/astral-sh/uv
3
https://github.com/beancount/fava
3
https://github.com/ankitects/anki
3
https://github.com/sosreport/sos
3
https://github.com/geyang/ml-logger
3
https://github.com/benoitc/gunicorn
3
https://github.com/langroid/langroid
3
https://github.com/andialbrecht/sqlparse
3
https://github.com/eventlet/eventlet
3
https://github.com/python/cpython
3
https://github.com/lepture/mistune
3
https://github.com/khoj-ai/khoj
3
https://github.com/Project-MONAI/MONAI
3
https://github.com/ansible/ansible-runner
3
https://github.com/gventuri/pandas-ai
3
https://github.com/jlowin/fastmcp
3
https://github.com/github/securitylab
3
https://github.com/invoke-ai/InvokeAI
3
https://github.com/langchain-ai/langgraph
3
https://github.com/jpadilla/pyjwt
3