pypi
755,850 packages · pypi.org
Security Advisories in pypi
High
over 1 year ago
Arbitrary HTML present after sanitization because of unicode normalization
pypi
html-sanitizer
High
over 1 year ago
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
pypi
Werkzeug
Moderate
over 1 year ago
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
pypi
Jinja2
Moderate
over 1 year ago
Gradio's Component Server does not properly consider `_is_server_fn` for functions
pypi
gradio
High
over 1 year ago
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
pypi
sagemaker
Moderate
over 1 year ago
changedetection.io Cross-site Scripting vulnerability
pypi
changedetection.io
High
over 1 year ago
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
pypi
aiohttp
High
over 1 year ago
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
pypi
pgAdmin4
Moderate
over 1 year ago
pgAdmin is affected by a multi-factor authentication bypass vulnerability
pypi
pgadmin4
High
over 1 year ago
nautobot has reflected Cross-site Scripting potential in all object list views
pypi
nautobot
Moderate
over 1 year ago
dcnnt-py is vulnerable to command injection via Notification Handler
pypi
dcnnt
Moderate
over 1 year ago
vyper performs double eval of the slice start/length args in certain cases
pypi
vyper
Moderate
over 1 year ago
social-auth-app-django affected by Improper Handling of Case Sensitivity
pypi
social-auth-app-django
Moderate
over 1 year ago
Synapse V2 state resolution weakness allows Denial of Service (DoS)
pypi
matrix-synapse
Low
over 1 year ago
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
pypi
apache-airflow-providers-ftp
Moderate
over 1 year ago
flask-cors vulnerable to log injection when the log level is set to debug
pypi
flask-cors
Moderate
over 1 year ago
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
pypi
aiohttp
Moderate
over 1 year ago
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
pypi
apache-airflow
High
over 1 year ago
Request smuggling leading to endpoint restriction bypass in Gunicorn
pypi
gunicorn
Moderate
over 1 year ago
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
pypi
magnum
Moderate
over 1 year ago
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
pypi
idna
Moderate
over 1 year ago
Potential DoS via the Tudoor mechanism in eventlet and dnspython
pypi
dnspython, eventlet
High
over 1 year ago
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
pypi
aim
Critical
over 1 year ago
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
pypi
llama-index-core
Critical
over 1 year ago
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
pypi
litellm
High
over 1 year ago
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
pypi
yt-dlp
Moderate
over 1 year ago
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
pypi
mobsf
High
over 1 year ago
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
pypi
piccolo-admin
High
over 1 year ago
aliyundrive-webdav vulnerable to Command Injection
pypi, cargo
aliyundrive-webdav
Moderate
over 1 year ago
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
pypi
saleor
High
over 1 year ago
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
pypi
jupyterhub
Moderate
over 1 year ago
Apache Airflow Improper Preservation of Permissions vulnerability
pypi
apache-airflow
Moderate
over 1 year ago
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
pypi
langchain-core
High
over 1 year ago
ansys-geometry-core OS Command Injection vulnerability
pypi
ansys-geometry-core
High
over 1 year ago
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
pypi
paddlepaddle
High
over 1 year ago
ESPHome vulnerable to Authentication bypass via Cross site request forgery
pypi
esphome
High
over 1 year ago
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of a Google organization/workspace
pypi
oauthenticator
Moderate
over 1 year ago
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
pypi
qiskit-ibm-runtime