pypi
755,850 packages · pypi.org
Security Advisories in pypi
| Severity | Age | Advisory | Ecosystem | Package(s) |
|---|---|---|---|---|
| Critical | over 1 year ago | Jupyter Server Proxy's Websocket Proxying does not require authentication | pypi | jupyter-server-proxy |
| Moderate | over 1 year ago | Black vulnerable to Regular Expression Denial of Service (ReDoS) | pypi | black |
| Moderate | over 1 year ago | XSS via the "Snapshot Test" feature in Classic Webcam plugin settings | pypi | OctoPrint |
| Low | over 1 year ago | Improper Privilege Management in djangorestframework-simplejwt | pypi | djangorestframework-simplejwt |
| Moderate | over 1 year ago | vantage6 vulnerable to a username timing attack on recover password/MFA token | pypi | vantage6 |
| Critical | over 1 year ago | Whoogle Search Server-Side Request Forgery vulnerability | pypi | whoogle-search |
| High | over 1 year ago | Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server | pypi | mssql-django |
| High | over 1 year ago | WeasyPrint allows the attachment of arbitrary files and URLs to a PDF | pypi | weasyprint |
| Moderate | over 1 year ago | Django MarkdownX Cross-Site Scripting (XSS) vulnerability | pypi | django-markdownx |
| Critical | over 1 year ago | pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user | pypi | pgAdmin4 |
| High | over 1 year ago | PaddlePaddle command injection in paddle.utils.download._wget_download | pypi | paddlepaddle |
| Moderate | over 1 year ago | JWCrypto vulnerable to JWT bomb Attack in `deserialize` function | pypi | jwcrypto |
| High | over 1 year ago | RPyC's missing security check results in code execution when using numpy.array on the server-side. | pypi | rpyc |
| Moderate | over 1 year ago | esphome vulnerable to stored Cross-site Scripting in edit configuration file API | pypi | esphome |
| High | over 1 year ago | ESPHome vulnerable to remote code execution via arbitrary file write | pypi | esphome |
| Moderate | over 1 year ago | Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users | pypi | apache-airflow |
| High | over 1 year ago | Docassemble unauthorized access through URL manipulation | pypi | docassemble.base, docassemble.webapp |
| Moderate | over 1 year ago | Apache Airflow: DAG Code and Import Error Permissions Ignored | pypi | apache-airflow |
| Moderate | over 1 year ago | Mezzanine allows attackers to bypass access control mechanisms | pypi | Mezzanine |
| Moderate | over 1 year ago | Mezzanine allows attackers to bypass access controls via manipulating the Host header | pypi | Mezzanine |
| Critical | over 1 year ago | Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID | pypi | Flask-AppBuilder |
| Moderate | over 1 year ago | Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) | pypi | Flask-AppBuilder |
| Moderate | over 1 year ago | Apache Superset: Improper data authorization when creating a new dataset | pypi | apache-superset |
| Moderate | over 1 year ago | Apache Superset: Improper authorization validation on dashboards and charts import | pypi | apache-superset |
| Moderate | over 1 year ago | Apache Superset: Improper Neutralization of custom SQL on embedded context | pypi | apache-superset |
| Moderate | over 1 year ago | Apache Superset: Improper validation of SQL statements allows for unauthorized access to data | pypi | apache-superset |
| Low | over 1 year ago | PyPop C extensions possible vulnerability: missing arguments and redundant null pointers | pypi | pypop-genomics |
| Critical | over 1 year ago | LangChain Experimental vulnerable to arbitrary code execution | pypi | langchain-experimental |
| Critical | over 1 year ago | MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution | pypi | mlflow |
| Moderate | almost 2 years ago | Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config | pypi | label-studio |
| High | almost 2 years ago | cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override | pypi | cryptography |
| Critical | almost 2 years ago | pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string | pypi | pymatgen |
| Critical | almost 2 years ago | Improper Certificate Validation in apache airflow mongo hook | pypi | apache-airflow-providers-mongo |
| Low | almost 2 years ago | tuf's Metadata API: Targets.get_delegated_role() is missing input validation | pypi | tuf |
| High | almost 2 years ago | python-multipart vulnerable to Content-Type Header ReDoS | pypi | python-multipart |
| Low | almost 2 years ago | commonground-api-common unexploitable privilege escalation in JWT authentication middleware | pypi | vng-api-common-utrecht, vng-api-common, commonground-api-common |
| Moderate | almost 2 years ago | NoneBot Potential Information Leak in User-Constructed Message Templates | pypi | nonebot2 |
| High | almost 2 years ago | Kinto Attachment's attachments can be replaced on read-only records | pypi | kinto-attachment |
| Critical | almost 2 years ago | DIRAC's TokenManager does not check permissions on cached tokens | pypi | DIRAC |
| Critical | almost 2 years ago | SQLAlchemyDA unauthenticated arbitrary SQL query execution | pypi | Products.SQLAlchemyDA |
| High | almost 2 years ago | Allegro AI ClearML vulnerable to deserialization of untrusted data | pypi | clearml |
| Moderate | almost 2 years ago | Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance | pypi | clearml |
| Moderate | almost 2 years ago | pyLoad open redirect vulnerability due to improper validation of the is_safe_url function | pypi | pyload-ng |
| Moderate | almost 2 years ago | m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657 | pypi | m2crypto |
| High | almost 2 years ago | Python Cryptography package vulnerable to Bleichenbacher timing oracle attack | pypi | cryptography |
| Low | almost 2 years ago | Vyper's external calls can overflow return data to return input buffer | pypi | vyper |
| Moderate | almost 2 years ago | Dash apps vulnerable to Cross-site Scripting | npm, pypi | dash-html-components, dash, dash-core-components |
| Critical | almost 2 years ago | Vyper's bounds check on built-in `slice()` function can be overflowed | pypi | vyper |
| Moderate | almost 2 years ago | OctoPrint Unverified Password Change via Access Control Settings | pypi | OctoPrint |
| Moderate | almost 2 years ago | Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections | pypi | label-studio |
| Low | almost 2 years ago | vantage6 may create unencrypted tasks in encrypted collaboration | pypi | vantage6 |