pypi
756,334 packages · pypi.org
Moderate Security Advisories in pypi
Moderate
8 months ago
composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL
pypi
composio-core
Moderate
8 months ago
Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read
pypi
open-webui
Moderate
8 months ago
TorchServe script references S3 bucket without ensuring ownership or confirming accessibility
pypi
torchserve
Moderate
8 months ago
Open WebUI Vulnerable to Cross-Site Scripting (XSS) via Chat File Upload
pypi
open-webui
Moderate
8 months ago
Flask-CORS vulnerable to Improper Handling of Case Sensitivity
pypi
flask-cors
Moderate
8 months ago
Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint
pypi
open-webui
Moderate
8 months ago
H2O Vulnerable to Execution of Arbitrary Files
maven, pypi
ai.h2o:h2o-core, h2o
Moderate
8 months ago
Open WebUI Allows Arbitrary File Write via the `download_model` Endpoint
pypi
open-webui
Moderate
8 months ago
Aim vulnerable to Synchronous Access of Remote Resource without Timeout
pypi
aim
Moderate
8 months ago
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
pypi
transformers
Moderate
8 months ago
langchain-core allows unauthorized users to read arbitrary files from the host file system
pypi
langchain-core
Moderate
8 months ago
Apache Airflow MySQL Provider is Vulnerable to SQL Injection
pypi
apache-airflow-providers-mysql
Moderate
9 months ago
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`
pypi
PostQuantum-Feldman-VSS
Moderate
9 months ago
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
pypi
PostQuantum-Feldman-VSS
Moderate
9 months ago
Azure PromptFlow remote code execution related to Jinja templates
pypi
promptflow-core, promptflow-tools
Moderate
9 months ago
Django vulnerable to Allocation of Resources Without Limits or Throttling
pypi
Django
Moderate
9 months ago
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
pypi
Jinja2
Moderate
9 months ago
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
pypi
picklescan
Moderate
9 months ago
PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions
pypi
picklescan
Moderate
9 months ago
CodeChecker open redirect when URL contains multiple slashes after the product name
pypi
codechecker
Moderate
9 months ago
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
pypi
keylime
Moderate
9 months ago
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
pypi
label-studio
Moderate
10 months ago
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache
pypi
snowflake-connector-python
Moderate
10 months ago
snowflake-connector-python vulnerable to insecure cache files permissions
pypi
snowflake-connector-python
Moderate
10 months ago
Django has a potential denial-of-service vulnerability in IPv6 validation
pypi
Django
Moderate
11 months ago
Composio Command Execution vulnerability
pypi
composio-julep, composio-openai, composio-claude
Moderate
11 months ago
khoj has an IDOR in subscription management that allows unauthorized subscription modifications
pypi
khoj
Moderate
11 months ago
Jinja has a sandbox breakout through indirect reference to format method
pypi
jinja2
Moderate
12 months ago
D-Tale allows Remote Code Execution through the Custom Filter Input
pypi
dtale
Moderate
12 months ago
Apache Superset: Error verbosity exposes metadata in analytics databases
pypi
apache-superset
Moderate
12 months ago
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
pypi
mobsf
Moderate
12 months ago
Synapse Matrix has a partial room state leak via Sliding Sync
pypi
matrix-synapse
Moderate
12 months ago
Synapse's unauthenticated writes to the media repository allow planting of problematic content
pypi
matrix-synapse
Moderate
12 months ago
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs
pypi
zhmcclient
Moderate
12 months ago
check-jsonschema default caching for remote schemas allows for cache confusion
pypi
check-jsonschema
Moderate
about 1 year ago
OpenStack Neutron can use an incorrect ID during policy enforcement
pypi
neutron
Moderate
about 1 year ago
Sentry improper error handling leaks Application Integration Client Secret
pypi
sentry
Moderate
about 1 year ago
django CMS Attributes Field Cross-site Scripting
pypi
djangocms-attributes-field
Moderate
about 1 year ago
Django Filer Unrestricted Upload of File with Dangerous Type
pypi
django-filer
Moderate
about 1 year ago
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
pypi
aiohttp
Moderate
about 1 year ago
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
pypi
aiohttp
Moderate
about 1 year ago
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
pypi
calibreweb
Moderate
about 1 year ago
wasm3 uncontrolled memory allocation vulnerability
cargo, pypi, swift
wasm3, pywasm3, github.com/shareup/wasm-interpreter-apple
Moderate
about 1 year ago
Gradio vulnerable to arbitrary file read with File and UploadButton components
pypi
gradio
Moderate
about 1 year ago
OctoPrint has API key access in settings without reauthentication
pypi
OctoPrint
Moderate
about 1 year ago
Access control vulnerable to user data deletion by anonymous users
pypi
AccessControl
Moderate
about 1 year ago
MPXJ has a Potential Path Traversal Vulnerability
nuget, pypi, rubygems, maven
MPXJ.Net, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, mpxj, net.sf.mpxj:mpxj
Moderate
about 1 year ago
Werkzeug possible resource exhaustion when parsing file data in forms
pypi
werkzeug
Moderate
about 1 year ago
The Snowflake Connector for Python stores sensitive data in logs
pypi
snowflake-connector-python
Moderate
about 1 year ago
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
pypi
exiv2
Moderate
about 1 year ago
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
pypi
exiv2
Moderate
about 1 year ago
OpenCanary Executes Commands From Potentially Writable Config File
pypi
OpenCanary