pypi
757,733 packages · pypi.org
Security Advisories in pypi
Critical
about 3 years ago
rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
pypi
rdiffweb
High
about 3 years ago
MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)
pypi
mei2volpiano
Moderate
about 3 years ago
Apache IoTDB Session Fixation vulnerability
pypi, maven
apache-iotdb, org.apache.iotdb:iotdb-server
High
about 3 years ago
Indy's NODE_UPGRADE transaction vulnerable to remote code execution
pypi
indy-node
Critical
about 3 years ago
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
pypi
python-scciclient
High
about 3 years ago
Denial of service due to incorrect application of event authorization rules
pypi
matrix-synapse
Critical
over 3 years ago
exotel-py includes code execution backdoor inserted by a third party
pypi
exotel
Moderate
over 3 years ago
Deluge Web-UI vulnerable to XSS through a crafted torrent file
pypi
deluge
Moderate
over 3 years ago
ansible-runner has default temporary files written to world R/W locations
pypi
ansible-runner
High
over 3 years ago
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
pypi
py-cord
High
over 3 years ago
Remote code execution in Apache Airflow Docker's Provider
pypi
apache-airflow-providers-docker
High
over 3 years ago
django-sendfile2 before 0.7.0 contains reflected file download vulnerability
pypi
django-sendfile2
Moderate
over 3 years ago
mofh Vulnerable to Improper Restriction of XML External Entity Reference
pypi
mofh
Moderate
over 3 years ago
nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
pypi
nbconvert
High
over 3 years ago
untangle vulnerable to Improper Restriction of XML External Entity Reference
pypi
untangle
High
over 3 years ago
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
pypi
sanic
High
over 3 years ago
chia-blockchain tokens can be inflated to an arbitrary extent
pypi
chia-blockchain
Low
over 3 years ago
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
pypi
Flask-AppBuilder
Moderate
over 3 years ago
Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
pypi
scrapy
Critical
over 3 years ago
WMAgent arbitrary code execution via a crafted dbs-client package
pypi
global-workqueue, reqmon, reqmgr2, wmagent
Moderate
over 3 years ago
Fava time and filter parameters vulnerable to reflected Cross-site Scripting
pypi
fava
High
over 3 years ago
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption
pypi
mxnet
High
over 3 years ago
Apache Spark UI can allow impersonation if ACLs enabled
pypi, maven
pyspark, org.apache.spark:spark-parent_2.12
Critical
over 3 years ago
Workers for local Dask clusters mistakenly listened on public interfaces
pypi
distributed
Moderate
over 3 years ago
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
pypi
openzeppelin-cairo-contracts
Moderate
over 3 years ago
Whoogle Search Cross-site Scripting via string parameter
pypi
whoogle-search
Moderate
over 3 years ago
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
pypi, maven, nuget
azure-storage-blob, azure-storage-queue, com.azure:azure-storage-blob, Azure.Storage.Blobs, Azure.Storage.Queues
High
over 3 years ago
mat2 before 0.13.0 allows directory traversal during the ZIP archive cleaning process.
pypi
mat2
Critical
over 3 years ago
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
pypi
chainerrl-visualizer
Critical
over 3 years ago
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
pypi
shiva
Critical
over 3 years ago
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
pypi
opendiamond
Moderate
over 3 years ago
Apache Superset allows authenticated users to access metadata they have no permission to
pypi
apache-superset
Moderate
over 3 years ago
Possible leak of key's raw field if declared length is incorrect
pypi
openssh-key-parser
Moderate
over 3 years ago
lxml NULL Pointer Dereference allows attackers to cause a denial of service
pypi
lxml
Moderate
over 3 years ago
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
pypi
pycares
Critical
over 3 years ago
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
pypi
Django
High
over 3 years ago
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
pypi
matrix-synapse
Critical
over 3 years ago
Unsafe deserialisation in the PKI implementation scheme of NVFlare
pypi
nvflare
Critical
over 3 years ago
Couchbase Sync Gateway admin credentials not verified when using X.509 client cert authentication
pypi
couchbase
High
over 3 years ago
Cross Site Scripting vulnerability in django-jsonform's admin form.
pypi
django-jsonform
Moderate
over 3 years ago
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
pypi
oauthenticator
High
over 3 years ago
Uncaught Exception (due to a data race) leads to process termination in Waitress
pypi
waitress
High
over 3 years ago
Phoenix-ws source code and data in extensions folder is publicly available
pypi
phoenix-ws
Moderate
over 3 years ago
`CHECK` failure in depthwise ops via overflows
pypi
tensorflow-gpu, tensorflow-cpu, tensorflow