pypi
758,503 packages · pypi.org
Moderate Security Advisories in pypi
Moderate
4 days ago
OpenStack's Mistral Client has a local file inclusion vulnerability
pypi
python-mistralclient
Moderate
10 days ago
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
pypi
vllm
Moderate
23 days ago
AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64
pypi
AstrBot
Moderate
25 days ago
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
pypi
doris-mcp-server
Moderate
26 days ago
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
pypi
octoprint
Moderate
about 1 month ago
cryptidy allows code execution via untrusted data due to pickle.loads
pypi
cryptidy
Moderate
about 1 month ago
Apache Airflow's create action can upsert existing Pools/Connections/Variables
pypi
apache-airflow
Moderate
about 1 month ago
Apache Airflow `/api/v2/dagReports` executes DAG Python in API
pypi
apache-airflow
Moderate
about 1 month ago
Apache Airflow has a command injection vulnerability in "example_dag_decorator"
pypi
apache-airflow
Moderate
about 1 month ago
OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability
pypi
usd-core
Moderate
about 1 month ago
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
pypi
fastmcp
Moderate
about 1 month ago
FastMCP vulnerable to reflected XSS in client's callback page
pypi
fastmcp
Moderate
about 1 month ago
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
pypi
keras
Moderate
about 1 month ago
pypdf possibly loops infinitely when reading DCT inline images without EOF marker
pypi
pypdf
Moderate
about 1 month ago
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
pypi
scapy
Moderate
about 1 month ago
Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function
pypi
smolagents
Moderate
about 1 month ago
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
pypi
nautobot-ssot
Moderate
about 1 month ago
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
pypi
taguette
Moderate
about 1 month ago
Mammoth is vulnerable to Directory Traversal
nuget, pypi, maven, npm
Mammoth, mammoth, org.zwobble.mammoth:mammoth
Moderate
about 2 months ago
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
pypi
python-ldap
Moderate
about 2 months ago
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
pypi
python-ldap
Moderate
about 2 months ago
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
pypi
bbot
Moderate
about 2 months ago
Python Social Auth - Django has unsafe account association
pypi
social-auth-app-django
Moderate
about 2 months ago
Synapse's invalid device keys degrade federation functionality
pypi
matrix-synapse
Moderate
about 2 months ago
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
pypi
vllm
Moderate
about 2 months ago
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
pypi
python-socketio
Moderate
about 2 months ago
clearml is vulnerable to Path Traversal through its `safe_extract` function
pypi
clearml
Moderate
about 2 months ago
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
pypi
zenml
Moderate
2 months ago
SPDK is vulnerable to buffer overflow in the NVMe-oF target component
pypi
spdk
Moderate
2 months ago
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
pypi
mkdocs-include-markdown-plugin
Moderate
2 months ago
Apache Airflow: Connection sensitive details exposed to users with READ permissions
pypi
apache-airflow
Moderate
2 months ago
Llama Stack could potentially allow for remote code execution
pypi
llama-stack
Moderate
2 months ago
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
pypi
pip
Moderate
2 months ago
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer
pypi
transformers
Moderate
3 months ago
mcp-kubernetes-server has a Command Injection vulnerability
pypi
mcp-kubernetes-server
Moderate
3 months ago
Hugging Face Transformers library has Regular Expression Denial of Service
pypi
transformers
Moderate
3 months ago
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
pypi
transformers
Moderate
3 months ago
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
pypi
flask-appbuilder
Moderate
3 months ago
Infrahub: Deleted and expired API tokens can still authenticate
pypi
infrahub-server
Moderate
3 months ago
Indico may disclose unauthorized user details access via legacy API
pypi
indico
Moderate
3 months ago
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
pypi
sglang
Moderate
3 months ago
copyparty: Sharing a single file does not fully restrict access to other files in source folder
pypi
copyparty
Moderate
3 months ago
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
pypi
ethyca-fides
Moderate
3 months ago
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
pypi
mobsf
Moderate
3 months ago
Local Deep Research's API keys are stored in plain text
pypi
local-deep-research
Moderate
3 months ago
Eventlet affected by HTTP request smuggling in unparsed trailers
pypi
eventlet
Moderate
3 months ago
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python cProfile.run
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python cProfile.runctx
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python doctest.debug_script
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python ensurepip._run_pip
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python profile.Profile.runctx
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python profile.Profile.run
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python trace.Trace.runctx
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python trace.Trace.run
pypi
picklescan
Moderate
3 months ago
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency
pypi
mitmproxy
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
pypi
picklescan
Moderate
3 months ago
Copier's safe template has filesystem write access outside destination path
pypi
copier
Moderate
4 months ago
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
pypi
apache-superset
Moderate
4 months ago
Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions
pypi
apache-superset
Moderate
4 months ago
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
pypi
apache-superset
Moderate
4 months ago
Apache Superset data query improperly discloses database schema information to low-privileged guest user
pypi
apache-superset
Filter by Package
tensorflow
200
tensorflow-cpu
193
tensorflow-gpu
185
apache-airflow
47
apache-superset
45
Django
39
picklescan
34
nova
29
plone
29
moin
27
ansible
26
Plone
23
django
20
matrix-synapse
20
gradio
20
salt
17
rdiffweb
16
vyper
15
glance
14
keystone
13
roundup
12
vllm
12
transformers
12
PaddlePaddle
10
notebook
10
OctoPrint
10
aiohttp
10
urllib3
9
pyftpdlib
9
calibreweb
9
horizon
9
open-webui
9
onionshare-cli
8
mlflow
8
neutron
8
modoboa
8
pyload-ng
8
ckan
8
opencv-contrib-python
8
opencv-python
8
zenml
7
mobsf
7
twisted
7
wagtail
6
vantage6
6
pgadmin4
6
swift
6
Flask-AppBuilder
6
requests
6
indico
6
Mezzanine
6
pypdf
6
aim
6
cinder
6
lxml
6
copyparty
5
Pillow
5
trytond
5
trac
5
mindsdb
5
mayan-edms
5
cobbler
5
mage-ai
5
jupyter-server
5
cryptography
5
ethyca-fides
5
web2py
5
jwcrypto
4
pip
4
matrix-sydent
4
snowflake-connector-python
4
mailman
4
ansible-core
4
omero-web
4
flask-cors
4
Scrapy
4
python-ldap
4
sentry
4
dtale
4
codechecker
4
jinja2
4
composio-core
4
waitress
4
label-studio
4
tornado
4
Products.CMFPlone
4
zope
4
paddlepaddle
4
pillow
4
lollms
4
lief
4
PyPDF2
4
OpenEXR
4
aws-sam-cli
3
flask-appbuilder
3
changedetection.io
3
saleor
3
markdown2
3
eventlet
3
AccessControl
3
graphite-web
3
Jinja2
3
wasmtime
3
werkzeug
3
opencv-contrib-python-headless
3
bleach
3
frappe
3
inventree
3
pysaml2
3
nautobot
3
whoogle-search
3
Moin
3
jupyterhub
3
ipython
3
mercurial
3
ajenti
3
scrapy
3
litellm
3
FreeTAKServer-UI
3
Keystone
3
barbican
3
micropython-copy
3
streamlit
3
feedparser
3
fava
3
micropython-io
3
buildbot
3
numpy
3
opencv-python-headless
3
tuf
3
datasette
3
wasmtime
3
asyncssh
2
eth-abi
2
wagtail-2fa
2
Zope2
2
PostQuantum-Feldman-VSS
2
mlx
2
SOAPpy
2
exiv2
2
octoprint
2
MaterialX
2
llama-index
2
langflow
2
dagster
2
django-cms
2
httplib2
2
python-keystoneclient
2
pycares
2
xml2rfc
2
CherryMusic
2
wasm3
2
ipsilon
2
sosreport
2
aiosmtpd
2
ubi-reader
2
Zope
2
python-cjson
2
html5lib
2
Red-DiscordBot
2
archivy
2
xgrammar
2
ms-swift
2
zope2
2
social-auth-app-django
2
invenio-communities
2
jupyterlab
2
ujson
2
langchain-community
2
Products.PluggableAuthService
2
h2o
2
homeassistant
2
signxml
2
tripleo-ansible
2
clearml
2
django-unicorn
2
keylime
2
libosdp
2
fastapi-admin
2
ryu
2
llama-index-core
2
ansible-runner
2
Werkzeug
2
pywasm3
2
sickrage
2
docassemble.webapp
2
dompurify
2
lmdeploy
2
pydantic
2
khoj
2
starlette
2
pymongo
2
fastmcp
2
mistune
2
kiwitcms
2
pretix
2
openzeppelin-cairo-contracts
2
yt-dlp
2
bbot
2
in-toto
2
Filter by Repository
https://github.com/tensorflow/tensorflow
200
https://github.com/django/django
50
https://github.com/apache/airflow
44
https://github.com/mmaitre314/picklescan
34
https://github.com/ansible/ansible
26
https://github.com/plone/Products.CMFPlone
20
https://github.com/openstack/nova
18
https://github.com/matrix-org/synapse
16
https://github.com/ikus060/rdiffweb
16
https://github.com/gradio-app/gradio
16
https://github.com/vyperlang/vyper
15
https://github.com/PaddlePaddle/Paddle
14
https://github.com/saltstack/salt
14
https://github.com/huggingface/transformers
12
https://github.com/openstack/keystone
11
https://github.com/aio-libs/aiohttp
10
https://github.com/vllm-project/vllm
10
https://github.com/dpgaspar/Flask-AppBuilder
9
https://github.com/OctoPrint/OctoPrint
9
https://github.com/urllib3/urllib3
9
https://github.com/ckan/ckan
8
https://github.com/pyload/pyload
8
https://github.com/apache/superset
8
https://github.com/onionshare/onionshare
8
https://github.com/modoboa/modoboa
8
https://github.com/openstack/glance
8
https://github.com/python-pillow/Pillow
7
https://github.com/zenml-io/zenml
7
https://github.com/py-pdf/pypdf
7
https://github.com/janeczku/calibre-web
7
https://github.com/opencv/opencv
7
https://github.com/openstack/horizon
7
https://github.com/jupyter/notebook
7
https://github.com/scrapy/scrapy
7
https://github.com/MobSF/Mobile-Security-Framework-MobSF
7
https://github.com/lxml/lxml
6
https://github.com/psf/requests
6
https://github.com/run-llama/llama_index
6
https://github.com/roundup-tracker/roundup
6
https://github.com/wagtail/wagtail
6
https://github.com/pallets/jinja
6
https://github.com/giampaolo/pyftpdlib
6
https://github.com/vantage6/vantage6
6
https://github.com/twisted/twisted
6
https://github.com/9001/copyparty
5
https://github.com/mlflow/mlflow
5
https://github.com/ethyca/fides
5
https://github.com/indico/indico
5
https://github.com/pgadmin-org/pgadmin4
5
https://github.com/langchain-ai/langchain
5
https://github.com/Ericsson/codechecker
4
https://github.com/matrix-org/sydent
4
https://github.com/Pylons/waitress
4
https://github.com/HumanSignal/label-studio
4
https://github.com/snowflakedb/snowflake-connector-python
4
https://github.com/corydolphin/flask-cors
4
https://github.com/pyca/cryptography
4
https://github.com/jupyter-server/jupyter_server
4
https://github.com/python-ldap/python-ldap
4
https://github.com/tornadoweb/tornado
4
https://github.com/openstack/cinder
4
https://github.com/cobbler/cobbler
4
https://github.com/ComposioHQ/composio
4
https://github.com/element-hq/synapse
4
https://github.com/pypa/pip
4
https://github.com/getsentry/sentry
4
https://github.com/man-group/dtale
4
https://github.com/pallets/werkzeug
4
https://github.com/lief-project/LIEF
4
https://github.com/latchset/jwcrypto
4
https://github.com/dgtlmoon/changedetection.io
3
https://github.com/khoj-ai/khoj
3
https://github.com/saleor/saleor
3
https://github.com/streamlit/streamlit
3
https://github.com/AcademySoftwareFoundation/openexr
3
https://github.com/beancount/fava
3
https://github.com/jupyterlab/jupyterlab
3
https://github.com/frappe/frappe
3
https://github.com/mozilla/bleach
3
https://github.com/octoprint/octoprint
3
https://github.com/aimhubio/aim
3
https://gitlab.com/mayan-edms/mayan-edms
3
https://github.com/zopefoundation/AccessControl
3
https://github.com/FreeTAKTeam/UI
3
https://github.com/mindsdb/mindsdb
3
https://github.com/graphite-project/graphite-web
3
https://github.com/micropython/micropython
3
https://github.com/simonw/datasette
3
https://github.com/stephenmcd/mezzanine
3
https://github.com/benbusby/whoogle-search
3
https://github.com/Cog-Creators/Red-DiscordBot
3
https://github.com/WeblateOrg/weblate
3
https://github.com/Exiv2/exiv2
3
https://sourceforge.net/projects/sourceforge.net
3
https://github.com/nautobot/nautobot
3
https://github.com/BerriAI/litellm
3
https://github.com/ome/omero-web
3
https://github.com/bytecodealliance/wasmtime
3
https://github.com/aws/aws-sam-cli
3
https://github.com/mlc-ai/xgrammar
3
https://github.com/openstack/swift
3
https://github.com/eventlet/eventlet
3
https://github.com/numpy/numpy
3
https://github.com/ipython/ipython
3
https://github.com/web2py/web2py
2
https://github.com/zopefoundation/Zope
2
https://github.com/wasm3/wasm3
2
https://github.com/geyang/ml-logger
2
https://github.com/encode/starlette
2
https://github.com/IdentityPython/pysaml2
2
https://github.com/sosreport/sos
2
https://github.com/ietf-tools/xml2rfc
2
https://github.com/ansible/ansible-runner
2
https://github.com/ethereum/eth-abi
2
https://github.com/openstack/neutron
2
https://github.com/djblets/djblets
2
https://github.com/python-social-auth/social-app-django
2
https://github.com/yt-dlp/yt-dlp
2
https://github.com/html5lib/html5lib-python
2
https://github.com/dagster-io/dagster
2
https://github.com/tryton/trytond
2
https://github.com/facebookresearch/ParlAI
2
https://github.com/moinwiki/moin-1.9
2
https://github.com/pretix/pretix
2
https://github.com/saghul/pycares
2
https://github.com/modelscope/ms-swift
2
https://github.com/mongodb/mongo-python-driver
2
https://github.com/open-webui/open-webui
2
https://github.com/XML-Security/signxml
2
https://github.com/archivy/archivy
2
https://github.com/OpenZeppelin/cairo-contracts
2
https://github.com/keylime/keylime
2
https://github.com/faucetsdn/ryu
2
https://github.com/adamghill/django-unicorn
2
https://github.com/AcademySoftwareFoundation/MaterialX
2
https://github.com/httplib2/httplib2
2
https://github.com/trentm/python-markdown2
2
https://github.com/plone/Products.ATContentTypes
2
https://github.com/aio-libs/aiosmtpd
2
https://github.com/blacklanternsecurity/bbot
2
https://github.com/erdogant/pypickle
2
https://github.com/devsnd/cherrymusic
2
https://github.com/httpie/httpie
2
https://github.com/jlowin/fastmcp
2
https://github.com/bbangert/beaker
2
https://github.com/jhpyle/docassemble
2
https://github.com/astral-sh/uv
2
https://github.com/DavidOsipov/PostQuantum-Feldman-VSS
2
https://github.com/SiCKRAGE/SiCKRAGE
2
https://github.com/labd/wagtail-2fa
2
https://github.com/ronf/asyncssh
2
https://github.com/lepture/mistune
2
https://github.com/keras-team/keras
2
https://github.com/inventree/InvenTree
2
https://github.com/home-assistant/core
2
https://github.com/theupdateframework/tuf
2
https://github.com/parisneo/lollms
2
https://github.com/InternLM/lmdeploy
2
https://github.com/inveniosoftware/invenio-communities
2
https://github.com/goToMain/libosdp
2
https://github.com/nexB/scancode.io
2
https://github.com/jrspruitt/ubi_reader
2
https://github.com/jupyterhub/jupyterhub
2
https://github.com/cure53/DOMPurify
2
https://github.com/fastapi-admin/fastapi-admin
2
https://github.com/inventree/inventree
1
https://github.com/google-deepmind/reverb
1
https://github.com/ansible/ansible-modules-core
1
https://github.com/python-hyper/h2
1
https://github.com/edx/RecommenderXBlock
1
https://github.com/Netflix/security_monkey
1
https://github.com/zopefoundation/Products.GenericSetup
1
https://github.com/redis/redis-py
1
https://github.com/aws/aws-encryption-sdk-python
1
https://github.com/aws/sagemaker-training-toolkit
1
https://github.com/Unstructured-IO/unstructured
1
https://github.com/modelscope/agentscope
1
https://github.com/mozilla/PollBot
1
https://github.com/contentful/the-example-app.py
1
https://github.com/zhmcclient/python-zhmcclient
1
https://github.com/nitely/spirit
1
https://github.com/CybercentreCanada/assemblyline
1
https://github.com/jupyter/jupyter_server
1
https://github.com/sqlfluff/sqlfluff
1
https://github.com/sehmaschine/django-grappelli
1
https://github.com/bayuncao/vul-cve-20
1
https://github.com/Flask-Middleware/flask-security
1
https://github.com/huggingface/smolagents
1
https://github.com/openexr/openexr
1
https://github.com/collective/collective.task
1
https://github.com/opsmill/infrahub
1
https://github.com/openstack/python-openstackclient
1
https://github.com/aquynh/capstone
1
https://github.com/cyface/django-termsandconditions
1
https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0
1
https://github.com/calix2/pyVulApp
1
https://github.com/themanojdesai/python-a2a
1
https://github.com/hanwentao/html2csv
1
https://github.com/nonebot/nonebot2
1