
pypi
742,056 packages · pypi.org
Security Advisories in pypi
Moderate
6 months ago
Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
pypi
mobsf
Critical
6 months ago
Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL
pypi
browser-use
Moderate
6 months ago
Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload
pypi
mobsf
Moderate
6 months ago
phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
pypi
vllm
Moderate
6 months ago
Transformers Regular Expression Denial of Service (ReDoS) vulnerability
pypi
transformers
Low
6 months ago
markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption
pypi
markdownify
Moderate
6 months ago
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in Ilamafy_baichuan2.py
pypi
llamafactory
Critical
6 months ago
CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0
pypi
vllm
Moderate
6 months ago
OctoPrint Authenticated Reverse Proxy Page Authentication Bypass
pypi
octoprint
High
6 months ago
youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
pypi
youtube-dl
Critical
6 months ago
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
pypi
torch
High
6 months ago
Whoogle allows attackers to execute arbitrary code via supplying a crafted search query
pypi
whoogle-search
Low
6 months ago
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
pypi
weblate
Critical
6 months ago
TigerVNC accessible via the network and not just via a UNIX socket as intended
pypi
jupyter-remote-desktop-proxy
Moderate
7 months ago
xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory
pypi
xgrammar
Critical
7 months ago
BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
pypi
bentoml
Moderate
7 months ago
Picklescan missing detection when calling built-in python library function timeit.timeit()
pypi
picklescan
Moderate
7 months ago
Picklescan failed to detect to some unsafe global function in Numpy library
pypi
picklescan
High
7 months ago
Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate
pypi
picklescan
Critical
7 months ago
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback
pypi
lnbits
High
7 months ago
Apache Airflow Common SQL Provider Vulnerable to SQL Injection
pypi
apache-airflow-providers-common-sql
Critical
7 months ago
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
pypi
bentoml
High
7 months ago
jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
pypi
jupyterlab-git
Critical
7 months ago
pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering
pypi
pgadmin4
Moderate
7 months ago
AWS SAM CLI Path Traversal allows file copy to build container
pypi
aws-sam-cli
Moderate
7 months ago
Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding
pypi
mobsf
High
7 months ago
Synapse vulnerable to federation denial of service via malformed events
pypi
matrix-synapse
Low
7 months ago
Django TomSelect incomplete escaping of dangerous characters in widget attributes
pypi
django-tomselect
Moderate
7 months ago
Frappe has possibility of SQL injection due to improper validations
pypi
frappe
High
7 months ago
Frappe vulnerable to information disclosure leading to account takeover
pypi
frappe
Moderate
7 months ago
Frappe has Possibility of Remote Code Execution due to improper validation
pypi
frappe
Moderate
7 months ago
Frappe has possibility of SQL injection due to improper validations
pypi
frappe
Moderate
7 months ago
SageMaker Workflow component allows possibility of MD5 hash collisions
pypi
sagemaker
High
7 months ago
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability
pypi, npm
open-webui
Critical
7 months ago
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
pypi
vllm
Critical
7 months ago
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
pypi
vllm
High
7 months ago
Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary
pypi
quivr-core
High
7 months ago
LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request
pypi
litellm
Moderate
7 months ago
composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL
pypi
composio-core
High
7 months ago
AgentScope arbitrary file download vulnerability in rpc_agent_client
pypi
agentscope
High
7 months ago
Aim allows denial of service due to no timeouts for some tracking server endpoints
pypi
aim
High
7 months ago
Open WebUI lacks authentication for the `api/v1/utils/pdf` endpoint
pypi
open-webui
High
7 months ago
H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request
maven, pypi
ai.h2o:h2o-core, h2o
High
7 months ago
Open WebUI denial of service through endpoint for converting markdown
pypi
open-webui
High
7 months ago
Open WebUI allows Remote Code Execution via Arbitrary File Upload to /audio/api/v1/transcriptions
pypi
open-webui
High
7 months ago
H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint
maven, pypi
ai.h2o:h2o-core, h2o
Moderate
7 months ago
Open WebUI Has Improper Access Control Leading to Arbitrary Prompt Read
pypi
open-webui
High
7 months ago
Open WebUI Unauthenticated Multipart Boundary Denial of Service (DoS) Vulnerability in api/chat/file
pypi
open-webui