pypi
761,655 packages · pypi.org
Security Advisories in pypi
High · 3 days ago · Open WebUI vulnerable to Server-Side Request Forgery (SSRF) via Arbitrary URL Processing in /api/v1/retrieval/process/web · pypi · open-webui
Moderate · 3 days ago · Ansible Community General Collection is vulnerable to exposure of sensitive information · pypi · ansible
Moderate · 5 days ago · arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints · pypi · arcade-mcp-server
High · 5 days ago · vLLM vulnerable to remote code execution via transformers_utils/get_config · pypi · vllm
High · 5 days ago · Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default · pypi · mcp
Low · 5 days ago · Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation · pypi · calibreweb
Moderate · 6 days ago · fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib · pypi · fonttools
High · 7 days ago · trytond does not enforce access rights for the route of the HTML editor. · pypi · trytond
Moderate · 7 days ago · trytond allows remote attackers to obtain sensitive trace-back (server setup) information · pypi · trytond
Moderate · 9 days ago · Peppol-py is vulnerable to XXE attacks due to Saxon configuration · pypi · peppol_py
Low · 11 days ago · Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control · pypi · tutor
Moderate · 11 days ago · OpenStack's Mistral Client has a local file inclusion vulnerability · pypi · python-mistralclient
Critical · 11 days ago · Ray is vulnerable to Critical RCE via Safari & Firefox Browsers through DNS Rebinding Attack · pypi · ray
High · 12 days ago · Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer · pypi · fugue
Low · 13 days ago · OMERO.web uses jquery-form library, which may be vulnerable to XSS attack · pypi · omero-web
High · 13 days ago · Keylime allows users to register new agents by recycling existing UUIDs when using different TPM devices · pypi · keylime
Moderate · 17 days ago · vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` · pypi · vllm
High · 17 days ago · vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs · pypi · vllm
High · 17 days ago · LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates · pypi · langchain-core
Critical · 19 days ago · joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads · pypi · joserfc
High · 20 days ago · OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization. · pypi · keystone
High · 24 days ago · AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance · pypi · aws_advanced_python_wrapper
Critical · 24 days ago · pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode · pypi · pgadmin4
High · 24 days ago · pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification · pypi · pgadmin4
High · 25 days ago · Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU) · pypi · bugsink
High · 25 days ago · Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input · pypi · bugsink
High · 30 days ago · Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc · pypi · pdfminer.six
Moderate · 30 days ago · AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64 · pypi · AstrBot
High · 30 days ago · Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events · pypi, npm · open-webui
High · 30 days ago · Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE · pypi, npm · open-webui
High · about 1 month ago · LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer · pypi · langgraph-checkpoint
Low · about 1 month ago · Weblate leaks the IP of project member inviting user to be reviewer in Audit log · pypi · weblate
Critical · about 1 month ago · Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. · pypi · django
High · about 1 month ago · Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect on Windows · pypi · django
Moderate · about 1 month ago · Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode · pypi · doris-mcp-server
Moderate · about 1 month ago · OctoPrint vulnerable to XSS in Action Commands Notification and Prompt · pypi · octoprint
High · about 1 month ago · Dosage vulnerable to a Directory Traversal through crafted HTTP responses · pypi · dosage
High · about 1 month ago · motionEye vulnerable to RCE via unsanitized motion config parameter · pypi · motioneye
Moderate · about 1 month ago · cryptidy allows code execution via untrusted data due to pickle.loads · pypi · cryptidy
High · about 1 month ago · Scrapy is vulnerable to a denial of service (DoS) attack due to flaws in brotli decompression implementation · pypi · brotli
Moderate · about 1 month ago · Apache Airflow `/api/v2/dagReports` executes DAG Python in API · pypi · apache-airflow
Moderate · about 1 month ago · Apache Airflow has a command injection vulnerability in "example_dag_decorator" · pypi · apache-airflow
Moderate · about 1 month ago · Apache Airflow's create action can upsert existing Pools/Connections/Variables · pypi · apache-airflow
High · about 1 month ago · LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore · pypi · langgraph-checkpoint-sqlite
Moderate · about 1 month ago · OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability · pypi · usd-core
High · about 1 month ago · MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability · pypi · mlflow
High · about 1 month ago · MLflow Weak Password Requirements Authentication Bypass Vulnerability · pypi · mlflow
Moderate · about 1 month ago · FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name · pypi · fastmcp
Moderate · about 1 month ago · FastMCP vulnerable to reflected XSS in client's callback page · pypi · fastmcp
High · about 1 month ago · FastMCP Auth Integration Allows for Confused Deputy Account Takeover · pypi · fastmcp
Moderate · about 1 month ago · Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery · pypi · keras
High · about 1 month ago · Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse`` · pypi · starlette
High · about 1 month ago · pg8000 SQL injection vulnerability via a specially crafted Python list input · pypi · pg8000
High · about 1 month ago · LangGraph's SQLite store implementation has a SQL Injection Vulnerability · pypi · langgraph-checkpoint-sqlite
Moderate · about 2 months ago · pypdf possibly loops infinitely when reading DCT inline images without EOF marker · pypi · pypdf
High · about 2 months ago · aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server · pypi · aiomysql
Moderate · about 2 months ago · Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization · pypi · scapy
Moderate · about 2 months ago · Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function · pypi · smolagents
Moderate · about 2 months ago · Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL · pypi · nautobot-ssot
Moderate · about 2 months ago · Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description · pypi · taguette
Critical · about 2 months ago · Keras framework vulnerable to deserialization of untrusted data · pypi · keras
Critical · about 2 months ago · pyquokka is Vulnerable to Remote Code Execution by Pickle Deserialization via FlightServer · pypi · pyquokka
Moderate · about 2 months ago · Mammoth is vulnerable to Directory Traversal · nuget, pypi, maven, npm · Mammoth, mammoth, org.zwobble.mammoth:mammoth
High · about 2 months ago · Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name · pypi · homeassistant
Filter by Package
tensorflow
433
tensorflow-cpu
404
tensorflow-gpu
392
Django
91
apache-airflow
89
salt
65
ansible
65
apache-superset
61
mlflow
55
Plone
54
nova
48
django
48
vyper
44
gradio
44
matrix-synapse
43
rdiffweb
42
plone
41
picklescan
39
moin
35
vllm
32
keystone
32
opencv-python
31
opencv-contrib-python
30
open-webui
29
pillow
28
Pillow
28
pyload-ng
24
glance
21
ethyca-fides
20
aim
20
neutron
19
transformers
19
langchain
19
calibreweb
18
mindsdb
18
mercurial
18
cobbler
18
notebook
17
cryptography
17
OctoPrint
17
pgadmin4
16
lollms
16
PaddlePaddle
16
paddlepaddle
16
urllib3
16
h2o
15
aiohttp
15
vantage6
14
pyftpdlib
14
litellm
14
zenml
14
modoboa
14
mobsf
14
roundup
13
trytond
13
twisted
12
sentry
12
wagtail
12
nautobot
12
swift
12
onionshare-cli
11
horizon
11
ai.h2o:h2o-core
11
ckan
11
label-studio
11
waitress
11
opencv-python-headless
10
Flask-AppBuilder
10
llama-index
9
cinder
9
ryu
9
keras
9
zope
9
changedetection.io
9
lief
9
kiwitcms
9
agentscope
9
opencv-contrib-python-headless
9
Zope
8
copyparty
8
llama-index-core
8
aubio
8
numpy
8
tornado
8
bentoml
8
ipython
8
dbgpt
8
indico
8
python-keystoneclient
8
trac
8
pip
8
Zope2
8
jupyter-server
7
codechecker
7
requests
7
web2py
7
matrix-sydent
7
inventree
7
scrapy
7
executorch
7
pysaml2
7
ray
7
mage-ai
6
keylime
6
graphite-web
6
torchserve
6
whoogle-search
6
pypdf
6
Mezzanine
6
torch
6
langflow
6
omero-web
6
Jinja2
6
lxml
6
snowflake-connector-python
6
apache-airflow-providers-apache-hive
6
OpenEXR
6
tuf
6
Moin
6
mailman
6
dtale
6
werkzeug
6
yt-dlp
6
ansible-core
6
ait-core
5
saleor
5
lmdb
5
jupyterhub
5
composio-core
5
fschat
5
grpcio
5
open-webui
5
pretix
5
jupyterlab
5
esphome
5
starlette
5
Weblate
5
langchain-experimental
5
mayan-edms
5
feedparser
5
oauthenticator
5
langchain-community
5
bleach
5
Werkzeug
5
grpc
5
nltk
5
homeassistant
5
python-gnupg
5
mitmproxy
5
onnx
5
Products.CMFPlone
5
weblate
5
jinja2
4
tripleo-heat-templates
4
litestar
4
authlib
4
PyPDF2
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
langchain-core
4
Pygments
4
pyspark
4
FreeTAKServer-UI
4
jwcrypto
4
llamafactory
4
setuptools
4
buildbot
4
octoprint
4
pywasm3
4
flask
4
dbt-core
4
nvflare
4
Scrapy
4
MaterialX
4
Flask-Security-Too
4
markdown2
4
barbican
4
xml2rfc
4
koji
4
flask-appbuilder
4
python-ldap
4
flask-cors
4
streamlit
4
frappe
4
django-helpdesk
4
paramiko
4
bbot
4
Radicale
4
skops
4
pytorch-lightning
4
Keystone
4
clearml
4
bottle
4
aws-iot-device-sdk-v2
4
indy-node
4
motioneye
4
datasette
4
reportlab
4
RestrictedPython
4
pandasai
4
InvokeAI
4
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/django/django
121
https://github.com/apache/airflow
105
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/vyperlang/vyper
44
https://github.com/saltstack/salt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/mmaitre314/picklescan
39
https://github.com/gradio-app/gradio
39
https://github.com/openstack/nova
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
36
https://github.com/opencv/opencv
32
https://github.com/matrix-org/synapse
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/openstack/keystone
28
https://github.com/vllm-project/vllm
25
https://github.com/langchain-ai/langchain
25
https://github.com/run-llama/llama_index
24
https://github.com/pyload/pyload
24
https://github.com/ethyca/fides
20
https://github.com/huggingface/transformers
19
https://github.com/vantage6/vantage6
17
https://github.com/mindsdb/mindsdb
17
https://github.com/pyca/cryptography
16
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/aio-libs/aiohttp
15
https://github.com/cobbler/cobbler
15
https://github.com/apache/superset
14
https://github.com/urllib3/urllib3
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/twisted/twisted
14
https://github.com/janeczku/calibre-web
14
https://github.com/zenml-io/zenml
13
https://github.com/modoboa/modoboa
13
https://github.com/h2oai/h2o-3
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/nautobot/nautobot
12
https://github.com/openstack/glance
12
https://github.com/getsentry/sentry
12
https://github.com/wagtail/wagtail
12
https://github.com/parisneo/lollms
11
https://github.com/open-webui/open-webui
11
https://github.com/Pylons/waitress
11
https://github.com/onionshare/onionshare
11
https://github.com/scrapy/scrapy
11
https://github.com/HumanSignal/label-studio
10
https://github.com/ckan/ckan
10
https://github.com/WeblateOrg/weblate
10
https://github.com/jupyter/notebook
10
https://github.com/lief-project/LIEF
9
https://github.com/element-hq/synapse
9
https://github.com/BerriAI/litellm
9
https://github.com/giampaolo/pyftpdlib
9
https://github.com/zopefoundation/Zope
9
https://github.com/faucetsdn/ryu
9
https://github.com/openstack/horizon
9
https://github.com/aimhubio/aim
9
https://github.com/ipython/ipython
8
https://github.com/tornadoweb/tornado
8
https://github.com/pallets/werkzeug
8
https://github.com/numpy/numpy
8
https://github.com/octoprint/octoprint
8
https://github.com/keras-team/keras
8
https://github.com/9001/copyparty
8
https://github.com/openstack/neutron
8
https://github.com/kiwitcms/Kiwi
8
https://github.com/dgtlmoon/changedetection.io
8
https://github.com/indico/indico
7
https://github.com/jupyter-server/jupyter_server
7
https://github.com/py-pdf/pypdf
7
https://github.com/pypa/pip
7
https://github.com/pytorch/executorch
7
https://github.com/aubio/aubio
7
https://sourceforge.net/projects/sourceforge.net
7
https://github.com/openstack/cinder
7
https://github.com/Ericsson/codechecker
7
https://github.com/openstack/swift
7
https://github.com/pytorch/pytorch
7
https://github.com/pallets/jinja
7
https://github.com/lxml/lxml
6
https://github.com/keylime/keylime
6
https://github.com/roundup-tracker/roundup
6
https://github.com/yt-dlp/yt-dlp
6
https://github.com/graphite-project/graphite-web
6
https://github.com/modelscope/agentscope
6
https://github.com/matrix-org/sydent
6
https://github.com/psf/requests
6
https://github.com/benbusby/whoogle-search
6
https://github.com/corydolphin/flask-cors
6
https://github.com/jupyterlab/jupyterlab
6
https://github.com/snowflakedb/snowflake-connector-python
6
https://github.com/man-group/dtale
6
https://github.com/mozilla/bleach
5
https://github.com/mitmproxy/mitmproxy
5
https://github.com/ome/omero-web
5
https://github.com/home-assistant/core
5
https://github.com/hwchase17/langchain
5
https://github.com/gitpython-developers/GitPython
5
https://github.com/ComposioHQ/composio
5
https://github.com/encode/starlette
5
https://github.com/TeamSeri0us/pocs
5
https://github.com/pytorch/serve
5
https://github.com/tryton/trytond
5
https://github.com/bentoml/BentoML
5
https://github.com/esphome/esphome
5
https://github.com/onnx/onnx
5
https://github.com/jupyterhub/oauthenticator
5
https://github.com/ray-project/ray
5
https://github.com/inventree/InvenTree
5
https://github.com/Exiv2/exiv2
5
https://github.com/latchset/jwcrypto
4
https://github.com/nltk/nltk
4
https://github.com/mlc-ai/xgrammar
4
https://github.com/NVIDIA/NVFlare
4
https://github.com/litestar-org/litestar
4
https://github.com/hiyouga/LLaMA-Factory
4
https://github.com/wasm3/wasm3
4
https://github.com/hyperledger/indy-node
4
https://github.com/ietf-tools/xml2rfc
4
https://github.com/berriai/litellm
4
https://github.com/jhpyle/docassemble
4
https://github.com/jupyterhub/jupyterhub
4
https://github.com/python-ldap/python-ldap
4
https://github.com/django-helpdesk/django-helpdesk
4
https://github.com/ronf/asyncssh
4
https://github.com/blacklanternsecurity/bbot
4
https://github.com/frappe/frappe
4
https://github.com/Cog-Creators/Red-DiscordBot
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/eosphoros-ai/DB-GPT
4
https://github.com/pypa/setuptools
4
https://github.com/AcademySoftwareFoundation/openexr
4
https://github.com/dbt-labs/dbt-core
4
https://github.com/saleor/saleor
4
https://github.com/langflow-ai/langflow
4
https://github.com/bottlepy/bottle
4
https://github.com/qutebrowser/qutebrowser
4
https://github.com/grpc/grpc
4
https://github.com/web2py/web2py
4
https://github.com/AcademySoftwareFoundation/MaterialX
4
https://github.com/rohe/pysaml2
4
https://github.com/zopefoundation/RestrictedPython
4
https://github.com/streamlit/streamlit
4
https://github.com/FreeTAKTeam/UI
4
https://github.com/pallets/flask
4
https://github.com/pretix/pretix
4
https://github.com/Kozea/Radicale
4
https://github.com/simonw/datasette
4
https://github.com/Gerapy/Gerapy
3
https://github.com/theupdateframework/python-tuf
3
https://github.com/lepture/mistune
3
https://github.com/benoitc/gunicorn
3
https://github.com/stephenmcd/mezzanine
3
https://github.com/bytecodealliance/wasmtime
3
https://github.com/eventlet/eventlet
3
https://github.com/langchain-ai/langgraph
3
https://github.com/pyca/pyopenssl
3
https://github.com/Flask-Middleware/flask-security
3
https://github.com/IdentityPython/pysaml2
3
https://github.com/openstack/octavia
3
https://github.com/impredicative/bitlyshortener
3
https://github.com/pyinstaller/pyinstaller
3
https://github.com/adamghill/django-unicorn
3
https://github.com/certifi/python-certifi
3
https://github.com/ankitects/anki
3
https://github.com/openstack/ironic
3
https://github.com/pygments/pygments
3
https://github.com/moinwiki/moin-1.9
3
https://github.com/jpadilla/pyjwt
3
https://github.com/ansible/ansible-runner
3
https://github.com/Project-MONAI/MONAI
3
https://github.com/skops-dev/skops
3
https://github.com/micropython/micropython
3
https://github.com/sqlalchemy/sqlalchemy
3
https://github.com/gventuri/pandas-ai
3
https://github.com/theupdateframework/tuf
3
https://github.com/python/cpython
3
https://github.com/zauberzeug/nicegui
3
https://github.com/geyang/ml-logger
3
https://github.com/khoj-ai/khoj
3
https://github.com/jlowin/fastmcp
3
https://github.com/chatchat-space/Langchain-Chatchat
3
https://github.com/sosreport/sos
3
https://github.com/beancount/fava
3
https://github.com/dlitz/pycrypto
3
https://github.com/rochacbruno/quokka
3
https://github.com/modelscope/ms-swift
3
https://github.com/poezio/slixmpp
3
https://github.com/astral-sh/uv
3
https://github.com/andialbrecht/sqlparse
3
https://github.com/paramiko/paramiko
3
https://github.com/NASA-AMMOS/AIT-Core
3
https://github.com/aws/aws-sam-cli
3
https://github.com/langroid/langroid
3
https://github.com/aws/sagemaker-python-sdk
3
https://github.com/trentm/python-markdown2
3