pypi
754,222 packages · pypi.org
Security Advisories in pypi
Moderate · 3 months ago · TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22) · pypi · tiny-scientist
Moderate · 3 months ago · ExecuTorch integer overflow vulnerability leads to code execution · pypi · executorch
Moderate · 4 months ago · Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability · pypi · transformers
Critical · 4 months ago · pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) · pypi · pyload-ng
High · 4 months ago · copyparty allows Regex Denial of Service (ReDoS) in the upload listing · pypi · copyparty
Moderate · 4 months ago · MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion · pypi · MaterialX
Moderate · 4 months ago · MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit · pypi · MaterialX
Critical · 4 months ago · num2words subjected to phishing attack, two versions published containing malware · pypi · num2words
Moderate · 4 months ago · OpenEXR ScanLineProcess::run_fill NULL Pointer Write In "reduceMemory" Mode · pypi · OpenEXR
Moderate · 4 months ago · OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute · pypi · OpenEXR
High · 4 months ago · OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size · pypi · OpenEXR
Low · 4 months ago · MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput · pypi · MaterialX
Low · 4 months ago · MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return · pypi · MaterialX
Moderate · 4 months ago · Pyload log Injection via API /json/add_package in add_name parameter · pypi · pyload-ng
Moderate · 4 months ago · copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata · pypi · copyparty
Critical · 4 months ago · smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module · pypi · smolagents
High · 4 months ago · Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution · pypi · skops
Moderate · 4 months ago · Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code · pypi · assemblyline-service-client
Moderate · 4 months ago · Calibre Web and Autocaliweb have OS Command Injection vulnerability · pypi · calibreweb
High · 4 months ago · `pyLoad` has Path Traversal Vulnerability in `json/upload` Endpoint that allows Arbitrary File Write · pypi · pyload-ng
Moderate · 4 months ago · Starlette has possible denial-of-service vector when parsing large files in multipart forms · pypi · starlette
Low · 4 months ago · AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections · pypi · aiohttp
Moderate · 4 months ago · py-libp2p is vulnerable to DoS attacks through use of large RSA keys · pypi · libp2p
Moderate · 4 months ago · Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates · pypi · roundup
High · 4 months ago · ExecuTorch vulnerable to Heap-based Buffer Overflow attack · swift, maven, pypi · executorch, org.pytorch:executorch-android
Moderate · 4 months ago · Transformers is vulnerable to ReDoS attack through its DonutProcessor class · pypi · transformers
Moderate · 4 months ago · LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class · pypi · llama-index-readers-docugami, llama-index
High · 4 months ago · pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages · pypi · pyload-ng
Moderate · 5 months ago · fastapi-guard is vulnerable to ReDoS through inefficient regex · pypi · fastapi-guard
Moderate · 5 months ago · Dagster vulnerable to Path Traversal attack through its /logs endpoint · pypi · dagster
High · 5 months ago · LlamaIndex vulnerable to Path Traversal attack through its encode_image function · pypi · llama-index-core
Moderate · 5 months ago · LlamaIndex vulnerability in its ObsidianReader class can lead to Path Traversal exploit · pypi · llama-index-readers-obsidian
Moderate · 5 months ago · LlamaIndex vulnerable to DoS attack through uncontrolled recursive JSON parsing · pypi · llama-index-core
High · 5 months ago · Lord of Large Language Models vulnerable to Observable Discrepancy attack via authenticate_user function · pypi · lollms
Moderate · 5 months ago · Transformers vulnerable to ReDoS attack through its get_imports() function · pypi · transformers
High · 5 months ago · LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser · pypi · llama-index-readers-papers
Moderate · 5 months ago · LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions · pypi · llama-index-readers-papers
High · 5 months ago · LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class · pypi · llama-index-readers-obsidian
Moderate · 5 months ago · Transformers vulnerable to ReDoS attack through its SETTING_RE variable · pypi · transformers
Moderate · 5 months ago · Transformers's ReDoS vulnerability in get_configuration_file can lead to catastrophic backtracking · pypi · transformers
Low · 5 months ago · Transformers's Improper Input Validation vulnerability can be exploited through username injection · pypi · transformers
Moderate · 5 months ago · LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component · pypi · llama-index-core
High · 5 months ago · MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS · pypi · mcp
High · 5 months ago · MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service · pypi · mcp
Moderate · 5 months ago · HKUDS LightRAG allows Path Traversal via function upload_to_input_dir · pypi · lightrag-hku
High · 5 months ago · MobSF vulnerability allows SSRF due to the allow_redirects=True parameter · pypi · mobsf
High · 5 months ago · LLaMA-Factory allows Code Injection through improper vhead_file safeguards · pypi · llamafactory
Critical · 5 months ago · Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator · pypi · apache-airflow-providers-snowflake
High · 5 months ago · LangChain Community SSRF vulnerability exists in RequestsToolkit component · pypi · langchain-community
Low · 5 months ago · pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function · pypi · pyspur
Critical · 5 months ago · rfc3161-client has insufficient verification for timestamp response signatures · pypi · rfc3161-client
Low · 5 months ago · Upsonic is vulnerable to Path Traversal attack through its os.path.join function · pypi · upsonic
Low · 5 months ago · Upsonic has vulnerability in Pickle Handler component that can lead to deserialization · pypi · upsonic
Moderate · 5 months ago · urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation · pypi · urllib3
Moderate · 5 months ago · Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function · pypi · Mezzanine
Moderate · 5 months ago · python-a2a has a path traversal in the create_workflow function · pypi · python-a2a
Moderate · 5 months ago · Salt's worker process vulnerable to denial of service through file read operation · pypi · salt
Critical · 5 months ago · Salt vulnerable to directory traversal attack in file receiving method · pypi · salt
Moderate · 5 months ago · Salt's on demand pillar functionality vulnerable to arbitrary command injections · pypi · salt
Filter by Package
tensorflow
433
tensorflow-cpu
409
tensorflow-gpu
394
Django
89
apache-airflow
89
salt
65
ansible
64
apache-superset
61
mlflow
55
Plone
54
django
48
nova
48
gradio
44
vyper
44
matrix-synapse
43
rdiffweb
42
plone
41
picklescan
39
moin
35
keystone
32
opencv-python
31
opencv-contrib-python
30
vllm
28
Pillow
28
pillow
28
open-webui
27
pyload-ng
24
glance
21
ethyca-fides
20
aim
20
neutron
19
langchain
19
transformers
19
mindsdb
18
cobbler
18
mercurial
18
calibreweb
17
notebook
17
OctoPrint
17
cryptography
17
PaddlePaddle
16
paddlepaddle
16
pgadmin4
16
lollms
16
h2o
15
aiohttp
15
pyftpdlib
14
mobsf
14
urllib3
14
modoboa
14
zenml
14
vantage6
14
litellm
14
roundup
13
nautobot
12
twisted
12
sentry
12
swift
12
wagtail
12
waitress
11
ckan
11
ai.h2o:h2o-core
11
onionshare-cli
11
label-studio
11
horizon
11
opencv-python-headless
10
Flask-AppBuilder
10
trytond
10
agentscope
9
kiwitcms
9
zope
9
changedetection.io
9
ryu
9
cinder
9
llama-index
9
keras
9
opencv-contrib-python-headless
9
lief
9
bentoml
8
trac
8
ipython
8
tornado
8
llama-index-core
8
copyparty
8
pip
8
python-keystoneclient
8
Zope
8
numpy
8
aubio
8
Zope2
8
dbgpt
8
indico
8
requests
7
scrapy
7
executorch
7
pysaml2
7
web2py
7
matrix-sydent
7
inventree
7
codechecker
7
jupyter-server
7
tuf
6
mailman
6
ansible-core
6
whoogle-search
6
apache-airflow-providers-apache-hive
6
lxml
6
dtale
6
OpenEXR
6
Moin
6
snowflake-connector-python
6
torch
6
langflow
6
mage-ai
6
yt-dlp
6
torchserve
6
graphite-web
6
Mezzanine
6
Jinja2
6
homeassistant
5
lmdb
5
esphome
5
Werkzeug
5
pretix
5
saleor
5
langchain-experimental
5
grpc
5
keylime
5
python-gnupg
5
mitmproxy
5
nltk
5
ait-core
5
fschat
5
composio-core
5
bleach
5
Weblate
5
oauthenticator
5
jupyterlab
5
pypdf
5
grpcio
5
onnx
5
ray
5
jupyterhub
5
weblate
5
Products.CMFPlone
5
langchain-community
5
feedparser
5
mayan-edms
5
werkzeug
5
starlette
5
open-webui
5
omero-web
5
setuptools
4
pandasai
4
flask-appbuilder
4
Nova
4
tripleo-heat-templates
4
Pygments
4
koji
4
streamlit
4
pytorch-lightning
4
jinja2
4
aws-iot-device-sdk-v2
4
indy-node
4
GitPython
4
awsiotsdk
4
authlib
4
jwcrypto
4
dbt-core
4
InvokeAI
4
nvflare
4
Keystone
4
bbot
4
Radicale
4
clearml
4
python-ldap
4
bottle
4
reportlab
4
datasette
4
RestrictedPython
4
motioneye
4
qutebrowser
4
httpie
4
litestar
4
PyPDF2
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
pyspark
4
FreeTAKServer-UI
4
llamafactory
4
buildbot
4
octoprint
4
flask
4
Scrapy
4
MaterialX
4
Flask-Security-Too
4
markdown2
4
barbican
4
pywasm3
4
flask-cors
4
frappe
4
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/django/django
121
https://github.com/apache/airflow
105
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/vyperlang/vyper
44
https://github.com/saltstack/salt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/mmaitre314/picklescan
39
https://github.com/gradio-app/gradio
39
https://github.com/openstack/nova
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
36
https://github.com/opencv/opencv
32
https://github.com/matrix-org/synapse
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/openstack/keystone
28
https://github.com/vllm-project/vllm
25
https://github.com/langchain-ai/langchain
25
https://github.com/run-llama/llama_index
24
https://github.com/pyload/pyload
24
https://github.com/ethyca/fides
20
https://github.com/huggingface/transformers
19
https://github.com/vantage6/vantage6
17
https://github.com/mindsdb/mindsdb
17
https://github.com/pyca/cryptography
16
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/aio-libs/aiohttp
15
https://github.com/cobbler/cobbler
15
https://github.com/apache/superset
14
https://github.com/urllib3/urllib3
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/twisted/twisted
14
https://github.com/janeczku/calibre-web
14
https://github.com/zenml-io/zenml
13
https://github.com/modoboa/modoboa
13
https://github.com/h2oai/h2o-3
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/nautobot/nautobot
12
https://github.com/openstack/glance
12
https://github.com/getsentry/sentry
12
https://github.com/wagtail/wagtail
12
https://github.com/parisneo/lollms
11
https://github.com/open-webui/open-webui
11
https://github.com/Pylons/waitress
11
https://github.com/onionshare/onionshare
11
https://github.com/scrapy/scrapy
11
https://github.com/HumanSignal/label-studio
10
https://github.com/ckan/ckan
10
https://github.com/WeblateOrg/weblate
10
https://github.com/jupyter/notebook
10
https://github.com/lief-project/LIEF
9
https://github.com/element-hq/synapse
9
https://github.com/keras-team/keras
9
https://github.com/BerriAI/litellm
9
https://github.com/giampaolo/pyftpdlib
9
https://github.com/zopefoundation/Zope
9
https://github.com/openstack/horizon
9
https://github.com/faucetsdn/ryu
9
https://github.com/aimhubio/aim
9
https://github.com/ipython/ipython
8
https://github.com/tornadoweb/tornado
8
https://github.com/pallets/werkzeug
8
https://github.com/numpy/numpy
8
https://github.com/octoprint/octoprint
8
https://github.com/9001/copyparty
8
https://github.com/openstack/neutron
8
https://github.com/kiwitcms/Kiwi
8
https://github.com/dgtlmoon/changedetection.io
8
https://github.com/jupyter-server/jupyter_server
7
https://github.com/indico/indico
7
https://github.com/py-pdf/pypdf
7
https://github.com/pypa/pip
7
https://github.com/pytorch/executorch
7
https://github.com/aubio/aubio
7
https://github.com/Ericsson/codechecker
7
https://sourceforge.net/projects/sourceforge.net
7
https://github.com/openstack/cinder
7
https://github.com/openstack/swift
7
https://github.com/pallets/jinja
7
https://github.com/pytorch/pytorch
7
https://github.com/lxml/lxml
6
https://github.com/modelscope/agentscope
6
https://github.com/yt-dlp/yt-dlp
6
https://github.com/jupyterlab/jupyterlab
6
https://github.com/man-group/dtale
6
https://github.com/graphite-project/graphite-web
6
https://github.com/psf/requests
6
https://github.com/roundup-tracker/roundup
6
https://github.com/keylime/keylime
6
https://github.com/corydolphin/flask-cors
6
https://github.com/benbusby/whoogle-search
6
https://github.com/snowflakedb/snowflake-connector-python
6
https://github.com/matrix-org/sydent
6
https://github.com/mozilla/bleach
5
https://github.com/esphome/esphome
5
https://github.com/home-assistant/core
5
https://github.com/mitmproxy/mitmproxy
5
https://github.com/bentoml/BentoML
5
https://github.com/tryton/trytond
5
https://github.com/ome/omero-web
5
https://github.com/hwchase17/langchain
5
https://github.com/gitpython-developers/GitPython
5
https://github.com/ComposioHQ/composio
5
https://github.com/pytorch/serve
5
https://github.com/encode/starlette
5
https://github.com/TeamSeri0us/pocs
5
https://github.com/jupyterhub/oauthenticator
5
https://github.com/onnx/onnx
5
https://github.com/Exiv2/exiv2
5
https://github.com/ray-project/ray
5
https://github.com/inventree/InvenTree
5
https://github.com/AcademySoftwareFoundation/openexr
4
https://github.com/latchset/jwcrypto
4
https://github.com/pretix/pretix
4
https://github.com/hyperledger/indy-node
4
https://github.com/Cog-Creators/Red-DiscordBot
4
https://github.com/jhpyle/docassemble
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/berriai/litellm
4
https://github.com/nltk/nltk
4
https://github.com/mlc-ai/xgrammar
4
https://github.com/NVIDIA/NVFlare
4
https://github.com/ietf-tools/xml2rfc
4
https://github.com/litestar-org/litestar
4
https://github.com/langflow-ai/langflow
4
https://github.com/hiyouga/LLaMA-Factory
4
https://github.com/eosphoros-ai/DB-GPT
4
https://github.com/wasm3/wasm3
4
https://github.com/grpc/grpc
4
https://github.com/qutebrowser/qutebrowser
4
https://github.com/blacklanternsecurity/bbot
4
https://github.com/frappe/frappe
4
https://github.com/AcademySoftwareFoundation/MaterialX
4
https://github.com/FreeTAKTeam/UI
4
https://github.com/django-helpdesk/django-helpdesk
4
https://github.com/python-ldap/python-ldap
4
https://github.com/rohe/pysaml2
4
https://github.com/bottlepy/bottle
4
https://github.com/zopefoundation/RestrictedPython
4
https://github.com/Kozea/Radicale
4
https://github.com/pypa/setuptools
4
https://github.com/simonw/datasette
4
https://github.com/streamlit/streamlit
4
https://github.com/web2py/web2py
4
https://github.com/ronf/asyncssh
4
https://github.com/dbt-labs/dbt-core
4
https://github.com/jupyterhub/jupyterhub
4
https://github.com/pallets/flask
4
https://github.com/saleor/saleor
4
https://github.com/aws/sagemaker-python-sdk
3
https://github.com/astral-sh/uv
3
https://github.com/langroid/langroid
3
https://github.com/langchain-ai/langgraph
3
https://github.com/jpadilla/pyjwt
3
https://github.com/eventlet/eventlet
3
https://github.com/moinwiki/moin-1.9
3
https://github.com/lepture/mistune
3
https://github.com/pygments/pygments
3
https://github.com/certifi/python-certifi
3
https://github.com/adamghill/django-unicorn
3
https://github.com/Flask-Middleware/flask-security
3
https://github.com/IdentityPython/pysaml2
3
https://github.com/pyinstaller/pyinstaller
3
https://github.com/modelscope/ms-swift
3
https://github.com/paramiko/paramiko
3
https://github.com/aws/aws-sam-cli
3
https://github.com/pyca/pyopenssl
3
https://github.com/openstack/octavia
3
https://github.com/openstack/ironic
3
https://github.com/ankitects/anki
3
https://github.com/theupdateframework/python-tuf
3
https://github.com/benoitc/gunicorn
3
https://github.com/andialbrecht/sqlparse
3
https://github.com/khoj-ai/khoj
3
https://github.com/Project-MONAI/MONAI
3
https://github.com/ansible/ansible-runner
3
https://github.com/NASA-AMMOS/AIT-Core
3
https://github.com/bytecodealliance/wasmtime
3
https://github.com/stephenmcd/mezzanine
3
https://github.com/impredicative/bitlyshortener
3
https://github.com/poezio/slixmpp
3
https://github.com/dlitz/pycrypto
3
https://github.com/chatchat-space/Langchain-Chatchat
3
https://github.com/geyang/ml-logger
3
https://github.com/python/cpython
3
https://github.com/gventuri/pandas-ai
3
https://github.com/sqlalchemy/sqlalchemy
3
https://github.com/skops-dev/skops
3
https://github.com/micropython/micropython
3
https://github.com/theupdateframework/tuf
3
https://github.com/zauberzeug/nicegui
3
https://github.com/jlowin/fastmcp
3
https://github.com/sosreport/sos
3
https://github.com/beancount/fava
3
https://github.com/rochacbruno/quokka
3
https://github.com/Gerapy/Gerapy
3
https://github.com/openstack/python-keystoneclient
3