
pypi
734,614 packages · pypi.org
Security Advisories in pypi
Critical · 4 months ago · Salt vulnerable to directory traversal attack in file receiving method · pypi · salt
Moderate · 4 months ago · Salt's worker process vulnerable to denial of service through file read operation · pypi · salt
Moderate · 4 months ago · Salt vulnerable to directory traversal attack in minion file cache creation · pypi · salt
Moderate · 4 months ago · Salt's on demand pillar functionality vulnerable to arbitrary command injections · pypi · salt
Low · 4 months ago · vantage6 lacks brute-force protection on change password functionality · pypi · vantage6
Moderate · 4 months ago · Nautobot may allows uploaded media files to be accessible without authentication · pypi · nautobot
Moderate · 4 months ago · Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating · pypi · nautobot
Moderate · 4 months ago · OctoPrint Vulnerable to Denial of Service through malformed HTTP request in OctoPrint · pypi · OctoPrint
Moderate · 4 months ago · OctoPrint vulnerable to possible file extraction via upload endpoints · pypi · OctoPrint
Moderate · 4 months ago · Requests vulnerable to .netrc credentials leak via malicious URLs · pypi · requests
High · 4 months ago · BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor · pypi · backend.ai
Moderate · 4 months ago · SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack · pypi · signxml
Moderate · 4 months ago · SignXML's signature verification with HMAC is vulnerable to a timing attack · pypi · signxml
High · 4 months ago · Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability · pypi · jupyter_core
High · 4 months ago · Apache Superset: Improper authorization bypass on row level security via SQL Injection · pypi · apache-superset
Moderate · 4 months ago · multicast in source builds from vulnerable setuptools dependency · pypi · multicast
Moderate · 4 months ago · vLLM has a Weakness in MultiModalHasher Image Hashing Implementation · pypi · vllm
Low · 4 months ago · Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching · pypi · vllm
Moderate · 4 months ago · vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py` · pypi · vllm
High · 4 months ago · Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin · pypi · redshift-connector
High · 4 months ago · Django-Select2 Vulnerable to Widget Instance Secret Cache Key Leaking · pypi · django-select2
Moderate · 4 months ago · HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability · pypi · label-studio-ml
Critical · 4 months ago · vLLM Allows Remote Code Execution via PyNcclPipe Communication Service · pypi · vllm
High · 4 months ago · Langroid has a Code Injection vulnerability in LanceDocChatAgent through vector_store · pypi · langroid
High · 5 months ago · setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write · pypi · setuptools
Moderate · 5 months ago · Hugging Face Transformers Regular Expression Denial of Service · pypi · transformers
Moderate · 5 months ago · Flask-AppBuilder open redirect vulnerability using HTTP host injection · pypi · flask-appbuilder
High · 5 months ago · Tornado vulnerable to excessive logging caused by malformed multipart form data · pypi · tornado
Low · 5 months ago · Vyper's `concat()` builtin may elide side-effects for zero-length arguments · pypi · vyper
High · 5 months ago · label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. · pypi · label-studio
High · 5 months ago · motionEye vulnerable to RCE in add_camera Function Due to unsafe command execution · pypi · motioneye
High · 5 months ago · Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration · pypi · vllm
Moderate · 5 months ago · Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack · pypi · mobsf
Critical · 5 months ago · Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL · pypi · browser-use
Moderate · 5 months ago · Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload · pypi · mobsf
Moderate · 5 months ago · phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service · pypi · vllm
Moderate · 5 months ago · Transformers Regular Expression Denial of Service (ReDoS) vulnerability · pypi · transformers
Low · 5 months ago · markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption · pypi · markdownify
Moderate · 5 months ago · LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py · pypi · llamafactory
Critical · 5 months ago · CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0 · pypi · vllm
Moderate · 5 months ago · OctoPrint Authenticated Reverse Proxy Page Authentication Bypass · pypi · octoprint
High · 6 months ago · youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization · pypi · youtube-dl
Critical · 6 months ago · PyTorch: `torch.load` with `weights_only=True` leads to remote code execution · pypi · torch
High · 6 months ago · Whoogle allows attackers to execute arbitrary code via supplying a crafted search query · pypi · whoogle-search
Low · 6 months ago · VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext · pypi · weblate
Critical · 6 months ago · TigerVNC accessible via the network and not just via a UNIX socket as intended · pypi · jupyter-remote-desktop-proxy
Moderate · 6 months ago · xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory · pypi · xgrammar
Critical · 6 months ago · BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization · pypi · bentoml
Moderate · 6 months ago · Picklescan missing detection when calling built-in python library function timeit.timeit() · pypi · picklescan
Moderate · 6 months ago · Picklescan failed to detect to some unsafe global function in Numpy library · pypi · picklescan
High · 6 months ago · Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate · pypi · picklescan
Critical · 6 months ago · LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback · pypi · lnbits
High · 6 months ago · Apache Airflow Common SQL Provider Vulnerable to SQL Injection · pypi · apache-airflow-providers-common-sql
Critical · 6 months ago · BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization · pypi · bentoml
High · 6 months ago · jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal" · pypi · jupyterlab-git