
pypi
735,275 packages · pypi.org
Security Advisories in pypi
Moderate
about 2 months ago
Copier's safe template has filesystem write access outside destination path
pypi
copier
High
about 2 months ago
Copier's safe template has arbitrary filesystem read/write access
pypi
copier
High
about 2 months ago
Python-Future Module Arbitrary Code Execution via Unintended Import of test.py
pypi
future
Moderate
about 2 months ago
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
pypi
apache-superset
Moderate
about 2 months ago
Apache Superset data query improperly discloses database schema information to low-privileged guest user
pypi
apache-superset
Moderate
about 2 months ago
Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions
pypi
apache-superset
Moderate
about 2 months ago
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
pypi
apache-superset
Moderate
about 2 months ago
OMERO.web displays unnecessary user information when requesting password reset
pypi
omero-web
High
about 2 months ago
Keras vulnerable to CVE-2025-1550 bypass via reuse of internal functionality
pypi
keras
High
about 2 months ago
Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass
pypi
picklescan
High
about 2 months ago
PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter
pypi
pyload-ng
Moderate
about 2 months ago
TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22)
pypi
tiny-scientist
Moderate
about 2 months ago
ExecuTorch integer overflow vulnerability leads to code execution
pypi
executorch
Moderate
about 2 months ago
Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability
pypi
transformers
Critical
2 months ago
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
pypi
pyload-ng
High
2 months ago
copyparty allows Regex Denial of Service (ReDoS) in the upload listing
pypi
copyparty
Moderate
2 months ago
MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion
pypi
MaterialX
Moderate
2 months ago
MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit
pypi
MaterialX
Critical
2 months ago
num2words subjected to phishing attack, two versions published containing malware
pypi
num2words
Moderate
2 months ago
OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode
pypi
OpenEXR
Moderate
2 months ago
OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute
pypi
OpenEXR
High
2 months ago
OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size
pypi
OpenEXR
Low
2 months ago
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
pypi
MaterialX
Low
2 months ago
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
pypi
MaterialX
Moderate
2 months ago
Pyload log Injection via API /json/add_package in add_name parameter
pypi
pyload-ng
Moderate
2 months ago
copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata
pypi
copyparty
Critical
2 months ago
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module
pypi
smolagents
High
2 months ago
Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution
pypi
skops
Moderate
2 months ago
Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code
pypi
assemblyline-service-client
Moderate
2 months ago
Calibre Web and Autocaliweb have OS Command Injection vulnerability
pypi
calibreweb
High
2 months ago
`pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write
pypi
pyload-ng
Moderate
2 months ago
Starlette has possible denial-of-service vector when parsing large files in multipart forms
pypi
starlette
Low
3 months ago
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
pypi
aiohttp
Moderate
3 months ago
py-libp2p is vulnerable to DoS attacks through use of large RSA keys
pypi
libp2p
Moderate
3 months ago
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates
pypi
roundup
Moderate
3 months ago
Transformers is vulnerable to ReDoS attack through its DonutProcessor class
pypi
transformers
Moderate
3 months ago
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class
pypi
llama-index-readers-docugami, llama-index
High
3 months ago
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages
pypi
pyload-ng
Moderate
3 months ago
fastapi-guard is vulnerable to ReDoS through inefficient regex
pypi
fastapi-guard
Moderate
3 months ago
Dagster vulnerable to Path Traversal attack through its /logs endpoint
pypi
dagster
High
3 months ago
LlamaIndex vulnerable to Path Traversal attack through its encode_image function
pypi
llama-index-core
High
3 months ago
Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function
pypi
lollms
Moderate
3 months ago
LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit
pypi
llama-index-readers-obsidian
Moderate
3 months ago
LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing
pypi
llama-index-core
Moderate
3 months ago
Transformers vulnerable to ReDoS attack through its SETTING_RE variable
pypi
transformers
Moderate
3 months ago
LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions
pypi
llama-index-readers-papers
Low
3 months ago
Transformers's Improper Input Validation vulnerability can be exploited through username injection
pypi
transformers
Moderate
3 months ago
Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking
pypi
transformers
Moderate
3 months ago
Transformers vulnerable to ReDoS attack through its get_imports() function
pypi
transformers
High
3 months ago
LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser
pypi
llama-index-readers-papers
High
3 months ago
LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class
pypi
llama-index-readers-obsidian
Moderate
3 months ago
LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component
pypi
llama-index-core
High
3 months ago
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
pypi
mcp
High
3 months ago
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
pypi
mcp
Moderate
3 months ago
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir
pypi
lightrag-hku
High
3 months ago
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter
pypi
mobsf
High
3 months ago
LLaMA-Factory allows Code Injection through improper vhead_file safeguards
pypi
llamafactory
Critical
3 months ago
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator
pypi
apache-airflow-providers-snowflake
Low
3 months ago
pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
pypi
pyspur
High
3 months ago
LangChain Community SSRF vulnerability exists in RequestsToolkit component
pypi
langchain-community
Critical
4 months ago
rfc3161-client has insufficient verification for timestamp response signatures
pypi
rfc3161-client
Low
4 months ago
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization
pypi
upsonic
Low
4 months ago
Upsonic is vulnerable to Path Traversal attack through its os.path.join function
pypi
upsonic
Moderate
4 months ago
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
pypi
urllib3
Moderate
4 months ago
Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function
pypi
Mezzanine
Moderate
4 months ago
python-a2a has a path traversal in the create_workflow function
pypi
python-a2a