pypi
754,222 packages · pypi.org
Security Advisories in pypi
Moderate
about 2 months ago
Llama Stack could potentially allow for remote code execution
pypi
llama-stack
Moderate
about 2 months ago
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
pypi
pip
Moderate
about 2 months ago
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer
pypi
transformers
Critical
about 2 months ago
H2O affected by a deserialization vulnerability
pypi, maven
h2o, ai.h2o:h2o-core
High
about 2 months ago
Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)
pypi
authlib
Critical
2 months ago
mcp-kubernetes-server has an OS Command Injection vulnerability
pypi
mcp-kubernetes-server
Moderate
2 months ago
mcp-kubernetes-server has a Command Injection vulnerability
pypi
mcp-kubernetes-server
Moderate
2 months ago
Hugging Face Transformers library has Regular Expression Denial of Service
pypi
transformers
Moderate
2 months ago
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
pypi
transformers
Moderate
2 months ago
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
pypi
flask-appbuilder
Moderate
2 months ago
Infrahub: Deleted and expired API tokens can still authenticate
pypi
infrahub-server
Moderate
2 months ago
Indico may disclose unauthorized user details access via legacy API
pypi
indico
Critical
2 months ago
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
pypi
picklescan
Critical
2 months ago
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
pypi
picklescan
Moderate
2 months ago
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
pypi
sglang
High
2 months ago
MONAI does not prevent path traversal, potentially leading to arbitrary file writes
pypi
monai
High
2 months ago
OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
pypi
octoprint
Moderate
2 months ago
copyparty: Sharing a single file does not fully restrict access to other files in source folder
pypi
copyparty
High
2 months ago
Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
pypi
ethyca-fides
Moderate
2 months ago
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
pypi
ethyca-fides
Low
2 months ago
Fides has a Lack of Brute-Force Protections on Authentication Endpoints
pypi
ethyca-fides
Low
2 months ago
Fides' Admin UI User Password Change Does Not Invalidate Current Session
pypi
ethyca-fides
Critical
3 months ago
internetarchive Vulnerable to Directory Traversal in File.download()
pypi
internetarchive
High
3 months ago
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability
pypi
pgadmin4
Critical
3 months ago
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution
pypi
usd-core
High
3 months ago
Langchain Community Vulnerable to XML External Entity (XXE) Attacks
pypi
langchain-community
Critical
3 months ago
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
pypi
deepdiff
Low
3 months ago
MobSF Path Traversal in GET /download/<filename> using absolute filenames
pypi
mobsf
Moderate
3 months ago
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
pypi
mobsf
High
3 months ago
ESP-IDF web_server basic auth bypass using empty or incomplete Authorization header
pypi
esphome
Moderate
3 months ago
Local Deep Research's API keys are stored in plain text
pypi
local-deep-research
Moderate
3 months ago
Eventlet affected by HTTP request smuggling in unparsed trailers
pypi
eventlet
Low
3 months ago
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
pypi
Exiv2
Low
3 months ago
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
pypi
Exiv2
Moderate
3 months ago
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python cProfile.run
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python cProfile.runctx
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python doctest.debug_script
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python ensurepip._run_pip
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python profile.Profile.runctx
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python profile.Profile.run
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python trace.Trace.runctx
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python trace.Trace.run
pypi
picklescan
High
3 months ago
LlamaIndex affected by a Denial of Service (DOS) in JSONReader
pypi
llama-index-core
Moderate
3 months ago
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency
pypi
mitmproxy
High
3 months ago
XGrammar affected by Denial of Service by infinite recursion grammars
pypi
xgrammar
High
3 months ago
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)
pypi
langflow-base, langflow
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
pypi
picklescan
High
3 months ago
Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs
pypi
pyload-ng
High
3 months ago
vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder
pypi
vllm
Moderate
3 months ago
Copier's safe template has filesystem write access outside destination path
pypi
copier
Moderate
3 months ago
Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions
pypi
apache-superset
Moderate
3 months ago
Apache Superset data query improperly discloses database schema information to low-privileged guest user
pypi
apache-superset
Moderate
3 months ago
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
pypi
apache-superset
Moderate
3 months ago
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
pypi
apache-superset
Moderate
3 months ago
OMERO.web displays unecessary user information when requesting password reset
pypi
omero-web
High
3 months ago
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
pypi
keras
High
3 months ago
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
pypi
picklescan
High
3 months ago
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
pypi
pyload-ng
Filter by Severity
Filter by Package
tensorflow
433
tensorflow-cpu
409
tensorflow-gpu
394
Django
89
apache-airflow
89
salt
65
ansible
64
apache-superset
61
mlflow
55
Plone
54
django
48
nova
48
gradio
44
vyper
44
matrix-synapse
43
rdiffweb
42
plone
41
picklescan
39
moin
35
keystone
32
opencv-python
31
opencv-contrib-python
30
vllm
28
Pillow
28
pillow
28
open-webui
27
pyload-ng
24
glance
21
ethyca-fides
20
aim
20
neutron
19
langchain
19
transformers
19
mindsdb
18
cobbler
18
mercurial
18
calibreweb
17
notebook
17
OctoPrint
17
cryptography
17
PaddlePaddle
16
paddlepaddle
16
pgadmin4
16
lollms
16
h2o
15
aiohttp
15
pyftpdlib
14
mobsf
14
urllib3
14
modoboa
14
zenml
14
vantage6
14
litellm
14
roundup
13
nautobot
12
twisted
12
sentry
12
swift
12
wagtail
12
waitress
11
ckan
11
ai.h2o:h2o-core
11
onionshare-cli
11
label-studio
11
horizon
11
opencv-python-headless
10
Flask-AppBuilder
10
trytond
10
agentscope
9
kiwitcms
9
zope
9
changedetection.io
9
ryu
9
cinder
9
llama-index
9
keras
9
opencv-contrib-python-headless
9
lief
9
bentoml
8
trac
8
ipython
8
tornado
8
llama-index-core
8
copyparty
8
pip
8
python-keystoneclient
8
Zope
8
numpy
8
aubio
8
Zope2
8
dbgpt
8
indico
8
codechecker
7
executorch
7
scrapy
7
requests
7
web2py
7
inventree
7
matrix-sydent
7
jupyter-server
7
pysaml2
7
apache-airflow-providers-apache-hive
6
torch
6
tuf
6
graphite-web
6
OpenEXR
6
yt-dlp
6
dtale
6
mailman
6
mage-ai
6
ansible-core
6
whoogle-search
6
langflow
6
torchserve
6
Mezzanine
6
Jinja2
6
snowflake-connector-python
6
lxml
6
Moin
6
nltk
5
langchain-experimental
5
python-gnupg
5
onnx
5
ray
5
mitmproxy
5
jupyterhub
5
weblate
5
keylime
5
Products.CMFPlone
5
langchain-community
5
feedparser
5
Werkzeug
5
mayan-edms
5
werkzeug
5
pretix
5
saleor
5
starlette
5
open-webui
5
grpc
5
omero-web
5
homeassistant
5
bleach
5
lmdb
5
Weblate
5
oauthenticator
5
esphome
5
jupyterlab
5
composio-core
5
pypdf
5
fschat
5
grpcio
5
ait-core
5
setuptools
4
pandasai
4
flask-appbuilder
4
Nova
4
tripleo-heat-templates
4
Pygments
4
koji
4
streamlit
4
pytorch-lightning
4
jinja2
4
aws-iot-device-sdk-v2
4
indy-node
4
GitPython
4
awsiotsdk
4
authlib
4
jwcrypto
4
dbt-core
4
InvokeAI
4
nvflare
4
Keystone
4
bbot
4
Radicale
4
clearml
4
python-ldap
4
bottle
4
reportlab
4
datasette
4
RestrictedPython
4
motioneye
4
qutebrowser
4
httpie
4
litestar
4
PyPDF2
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
pyspark
4
FreeTAKServer-UI
4
llamafactory
4
buildbot
4
octoprint
4
flask
4
Scrapy
4
MaterialX
4
Flask-Security-Too
4
markdown2
4
barbican
4
pywasm3
4
flask-cors
4
frappe
4
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/django/django
121
https://github.com/apache/airflow
105
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/vyperlang/vyper
44
https://github.com/saltstack/salt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/mmaitre314/picklescan
39
https://github.com/gradio-app/gradio
39
https://github.com/openstack/nova
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
36
https://github.com/opencv/opencv
32
https://github.com/matrix-org/synapse
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/openstack/keystone
28
https://github.com/vllm-project/vllm
25
https://github.com/langchain-ai/langchain
25
https://github.com/run-llama/llama_index
24
https://github.com/pyload/pyload
24
https://github.com/ethyca/fides
20
https://github.com/huggingface/transformers
19
https://github.com/vantage6/vantage6
17
https://github.com/mindsdb/mindsdb
17
https://github.com/pyca/cryptography
16
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/aio-libs/aiohttp
15
https://github.com/cobbler/cobbler
15
https://github.com/apache/superset
14
https://github.com/urllib3/urllib3
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/twisted/twisted
14
https://github.com/janeczku/calibre-web
14
https://github.com/zenml-io/zenml
13
https://github.com/modoboa/modoboa
13
https://github.com/h2oai/h2o-3
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/nautobot/nautobot
12
https://github.com/openstack/glance
12
https://github.com/getsentry/sentry
12
https://github.com/wagtail/wagtail
12
https://github.com/parisneo/lollms
11
https://github.com/open-webui/open-webui
11
https://github.com/Pylons/waitress
11
https://github.com/onionshare/onionshare
11
https://github.com/scrapy/scrapy
11
https://github.com/HumanSignal/label-studio
10
https://github.com/ckan/ckan
10
https://github.com/WeblateOrg/weblate
10
https://github.com/jupyter/notebook
10
https://github.com/lief-project/LIEF
9
https://github.com/element-hq/synapse
9
https://github.com/keras-team/keras
9
https://github.com/BerriAI/litellm
9
https://github.com/giampaolo/pyftpdlib
9
https://github.com/zopefoundation/Zope
9
https://github.com/openstack/horizon
9
https://github.com/faucetsdn/ryu
9
https://github.com/aimhubio/aim
9
https://github.com/ipython/ipython
8
https://github.com/tornadoweb/tornado
8
https://github.com/pallets/werkzeug
8
https://github.com/numpy/numpy
8
https://github.com/octoprint/octoprint
8
https://github.com/9001/copyparty
8
https://github.com/openstack/neutron
8
https://github.com/kiwitcms/Kiwi
8
https://github.com/dgtlmoon/changedetection.io
8
https://github.com/jupyter-server/jupyter_server
7
https://github.com/indico/indico
7
https://github.com/py-pdf/pypdf
7
https://github.com/pypa/pip
7
https://github.com/pytorch/executorch
7
https://github.com/aubio/aubio
7
https://github.com/Ericsson/codechecker
7
https://sourceforge.net/projects/sourceforge.net
7
https://github.com/openstack/cinder
7
https://github.com/openstack/swift
7
https://github.com/pallets/jinja
7
https://github.com/pytorch/pytorch
7
https://github.com/lxml/lxml
6
https://github.com/modelscope/agentscope
6
https://github.com/yt-dlp/yt-dlp
6
https://github.com/jupyterlab/jupyterlab
6
https://github.com/man-group/dtale
6
https://github.com/graphite-project/graphite-web
6
https://github.com/psf/requests
6
https://github.com/roundup-tracker/roundup
6
https://github.com/keylime/keylime
6
https://github.com/corydolphin/flask-cors
6
https://github.com/benbusby/whoogle-search
6
https://github.com/snowflakedb/snowflake-connector-python
6
https://github.com/matrix-org/sydent
6
https://github.com/mozilla/bleach
5
https://github.com/esphome/esphome
5
https://github.com/home-assistant/core
5
https://github.com/mitmproxy/mitmproxy
5
https://github.com/bentoml/BentoML
5
https://github.com/tryton/trytond
5
https://github.com/ome/omero-web
5
https://github.com/hwchase17/langchain
5
https://github.com/gitpython-developers/GitPython
5
https://github.com/ComposioHQ/composio
5
https://github.com/pytorch/serve
5
https://github.com/encode/starlette
5
https://github.com/TeamSeri0us/pocs
5
https://github.com/jupyterhub/oauthenticator
5
https://github.com/onnx/onnx
5
https://github.com/Exiv2/exiv2
5
https://github.com/ray-project/ray
5
https://github.com/inventree/InvenTree
5
https://github.com/AcademySoftwareFoundation/openexr
4
https://github.com/latchset/jwcrypto
4
https://github.com/pretix/pretix
4
https://github.com/hyperledger/indy-node
4
https://github.com/Cog-Creators/Red-DiscordBot
4
https://github.com/jhpyle/docassemble
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/berriai/litellm
4
https://github.com/nltk/nltk
4
https://github.com/mlc-ai/xgrammar
4
https://github.com/NVIDIA/NVFlare
4
https://github.com/ietf-tools/xml2rfc
4
https://github.com/litestar-org/litestar
4
https://github.com/langflow-ai/langflow
4
https://github.com/hiyouga/LLaMA-Factory
4
https://github.com/eosphoros-ai/DB-GPT
4
https://github.com/wasm3/wasm3
4
https://github.com/grpc/grpc
4
https://github.com/qutebrowser/qutebrowser
4
https://github.com/blacklanternsecurity/bbot
4
https://github.com/frappe/frappe
4
https://github.com/AcademySoftwareFoundation/MaterialX
4
https://github.com/FreeTAKTeam/UI
4
https://github.com/django-helpdesk/django-helpdesk
4
https://github.com/python-ldap/python-ldap
4
https://github.com/rohe/pysaml2
4
https://github.com/bottlepy/bottle
4
https://github.com/zopefoundation/RestrictedPython
4
https://github.com/Kozea/Radicale
4
https://github.com/pypa/setuptools
4
https://github.com/simonw/datasette
4
https://github.com/streamlit/streamlit
4
https://github.com/web2py/web2py
4
https://github.com/ronf/asyncssh
4
https://github.com/dbt-labs/dbt-core
4
https://github.com/jupyterhub/jupyterhub
4
https://github.com/pallets/flask
4
https://github.com/saleor/saleor
4
https://github.com/aws/sagemaker-python-sdk
3
https://github.com/astral-sh/uv
3
https://github.com/langroid/langroid
3
https://github.com/langchain-ai/langgraph
3
https://github.com/jpadilla/pyjwt
3
https://github.com/eventlet/eventlet
3
https://github.com/moinwiki/moin-1.9
3
https://github.com/lepture/mistune
3
https://github.com/pygments/pygments
3
https://github.com/certifi/python-certifi
3
https://github.com/adamghill/django-unicorn
3
https://github.com/Flask-Middleware/flask-security
3
https://github.com/IdentityPython/pysaml2
3
https://github.com/pyinstaller/pyinstaller
3
https://github.com/modelscope/ms-swift
3
https://github.com/paramiko/paramiko
3
https://github.com/aws/aws-sam-cli
3
https://github.com/pyca/pyopenssl
3
https://github.com/openstack/octavia
3
https://github.com/openstack/ironic
3
https://github.com/ankitects/anki
3
https://github.com/theupdateframework/python-tuf
3
https://github.com/benoitc/gunicorn
3
https://github.com/andialbrecht/sqlparse
3
https://github.com/khoj-ai/khoj
3
https://github.com/Project-MONAI/MONAI
3
https://github.com/ansible/ansible-runner
3
https://github.com/NASA-AMMOS/AIT-Core
3
https://github.com/bytecodealliance/wasmtime
3
https://github.com/stephenmcd/mezzanine
3
https://github.com/impredicative/bitlyshortener
3
https://github.com/poezio/slixmpp
3
https://github.com/dlitz/pycrypto
3
https://github.com/chatchat-space/Langchain-Chatchat
3
https://github.com/geyang/ml-logger
3
https://github.com/python/cpython
3
https://github.com/gventuri/pandas-ai
3
https://github.com/sqlalchemy/sqlalchemy
3
https://github.com/skops-dev/skops
3
https://github.com/micropython/micropython
3
https://github.com/theupdateframework/tuf
3
https://github.com/zauberzeug/nicegui
3
https://github.com/jlowin/fastmcp
3
https://github.com/sosreport/sos
3
https://github.com/beancount/fava
3
https://github.com/rochacbruno/quokka
3
https://github.com/Gerapy/Gerapy
3
https://github.com/openstack/python-keystoneclient
3