
pypi
734,614 packages · pypi.org
Security Advisories in pypi
Moderate · 7 months ago · Aim vulnerable to Synchronous Access of Remote Resource without Timeout · pypi · aim
High · 7 months ago · LlamaIndex Improper Handling of Exceptional Conditions vulnerability · pypi · llama_index
Critical · 7 months ago · LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection · pypi · llama-index-retrievers-duckdb-retriever
Moderate · 7 months ago · langchain-core allows unauthorized users to read arbitrary files from the host file system · pypi · langchain-core
Critical · 7 months ago · DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users · pypi · dbgpt
High · 7 months ago · InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload` · pypi · InvokeAI
Critical · 7 months ago · DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload · pypi · dbgpt
High · 7 months ago · H2O Vulnerable to Denial of Service (DoS) and File Write · maven, pypi · ai.h2o:h2o-ext-xgboost, h2o
Critical · 7 months ago · H2O Deserialization of Untrusted Data Vulnerability · maven, pypi · ai.h2o:h2o-core, h2o
High · 7 months ago · H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint · maven, pypi · ai.h2o:h2o-core, h2o
High · 7 months ago · H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint · maven, pypi · ai.h2o:h2o-core, h2o
Moderate · 7 months ago · Apache Airflow MySQL Provider is Vulnerable to SQL Injection · pypi · apache-airflow-providers-mysql
High · 7 months ago · PostQuantum-Feldman-VSS's Dependency Vulnerability in gmpy2 Leading to Interpreter Crash · pypi · PostQuantum-Feldman-VSS
Critical · 7 months ago · Qiskit allows arbitrary code execution decoding QPY format versions < 13 · pypi · qiskit, qiskit-terra
Moderate · 7 months ago · Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution` · pypi · PostQuantum-Feldman-VSS
Moderate · 7 months ago · Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations · pypi · PostQuantum-Feldman-VSS
Moderate · 7 months ago · Azure PromptFlow remote code execution related to Jinja templates · pypi · promptflow-tools
Moderate · 7 months ago · Django vulnerable to Allocation of Resources Without Limits or Throttling · pypi · Django
Moderate · 7 months ago · Jinja2 vulnerable to sandbox breakout through attr filter selecting format method · pypi · Jinja2
High · 7 months ago · dmlc/dgl Vulnerable to Remote Code Execution by Pickle Deserialization via rpc.recv_request() · pypi · dgl
Moderate · 7 months ago · Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis · pypi · picklescan
Moderate · 7 months ago · PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions · pypi · picklescan
Moderate · 7 months ago · CodeChecker open redirect when URL contains multiple slashes after the product name · pypi · codechecker
High · 7 months ago · Spotipy's cache file, containing spotify auth token, is created with overly broad permissions · pypi · spotipy
Low · 7 months ago · copyparty renders unsanitized filenames as HTML when user uploads empty files · pypi · copyparty
Critical · 7 months ago · LTI JupyterHub Authenticator does not properly validate JWT Signature · pypi · jupyterhub-ltiauthenticator
High · 7 months ago · Maliciously crafted QPY files can allow Remote Attackers to Cause Denial of Service in Qiskit · pypi · qiskit-terra, qiskit
High · 8 months ago · Home Assistant does not correctly validate SSL for outgoing requests in core and used libs · pypi · homeassistant
Moderate · 8 months ago · Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0 · pypi · keylime
High · 8 months ago · Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint · pypi · label-studio
Moderate · 8 months ago · Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint · pypi · label-studio
High · 8 months ago · Label Studio has a Path Traversal Vulnerability via image Field · pypi · label-studio-sdk
Critical · 8 months ago · PandasAI interactive prompt function Remote Code Execution (RCE) · pypi · pandasai
Low · 8 months ago · vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache · pypi · vllm
High · 8 months ago · CKAN has an XSS vector in user uploaded images in group/org and user profiles · pypi · ckan
Critical · 8 months ago · Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass · pypi · django-unicorn
High · 8 months ago · snowflake-connector-python vulnerable to SQL Injection in write_pandas · pypi · snowflake-connector-python
Moderate · 8 months ago · snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache · pypi · snowflake-connector-python
Moderate · 8 months ago · snowflake-connector-python vulnerable to insecure cache files permissions · pypi · snowflake-connector-python
High · 8 months ago · ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape · pypi · asteval
High · 8 months ago · ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape · pypi · asteval
High · 8 months ago · try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter · pypi · RestrictedPython
High · 8 months ago · sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb · pypi · duckdb
High · 9 months ago · nbgrader's `frame-ancestors: self` grants all users access to formgrader · pypi · nbgrader
Critical · 9 months ago · Sentry's improper authentication on SAML SSO process allows user impersonation · pypi · sentry
Moderate · 9 months ago · Django has a potential denial-of-service vulnerability in IPv6 validation · pypi · Django
Filter by Package
tensorflow · 433
tensorflow-cpu · 408
tensorflow-gpu · 400
Django · 89
apache-airflow · 86
salt · 65
ansible · 63
apache-superset · 61
Plone · 54
mlflow · 53
nova · 48
django · 46
gradio · 44
vyper · 44
rdiffweb · 42
matrix-synapse · 42
plone · 41
picklescan · 39
moin · 35
opencv-python · 31
opencv-contrib-python · 31
keystone · 31
Pillow · 28
pillow · 28
vllm · 25
open-webui · 25
pyload-ng · 23
glance · 21
ethyca-fides · 20
aim · 20
langchain · 19
transformers · 19
neutron · 19
cobbler · 18
mindsdb · 18
mercurial · 18
calibreweb · 17
notebook · 17
cryptography · 17
OctoPrint · 17
paddlepaddle · 16
lollms · 16
PaddlePaddle · 16
h2o · 15
aiohttp · 15
vantage6 · 14
litellm · 14
mobsf · 14
modoboa · 14
urllib3 · 14
pyftpdlib · 14
roundup · 13
zenml · 13
twisted · 12
pgadmin4 · 12
nautobot · 12
wagtail · 12
sentry · 12
swift · 12
onionshare-cli · 11
label-studio · 11
waitress · 11
horizon · 11
opencv-python-headless · 10
ai.h2o:h2o-core · 10
Flask-AppBuilder · 10
trytond · 10
opencv-contrib-python-headless · 9
zope · 9
cinder · 9
ckan · 9
ryu · 9
agentscope · 9
lief · 9
kiwitcms · 9
aubio · 8
pip · 8
copyparty · 8
numpy · 8
llama-index-core · 8
llama-index · 8
indico · 8
tornado · 8
Zope2 · 8
python-keystoneclient · 8
dbgpt · 8
bentoml · 8
ipython · 8
changedetection.io · 8
Zope · 8
trac · 8
inventree · 7
codechecker · 7
jupyter-server · 7
matrix-sydent · 7
scrapy · 7
web2py · 7
executorch · 7
requests · 7
pysaml2 · 7
snowflake-connector-python · 6
apache-airflow-providers-apache-hive · 6
ansible-core · 6
mage-ai · 6
torch · 6
yt-dlp · 6
Moin · 6
mailman · 6
Jinja2 · 6
torchserve · 6
lxml · 6
tuf · 6
Mezzanine · 6
OpenEXR · 6
keras · 6
whoogle-search · 6
graphite-web · 6
dtale · 6
langflow · 6
werkzeug · 5
grpcio · 5
Products.CMFPlone · 5
saleor · 5
esphome · 5
keylime · 5
ait-core · 5
fschat · 5
composio-core · 5
Werkzeug · 5
onnx · 5
grpc · 5
omero-web · 5
nltk · 5
langchain-community · 5
mayan-edms · 5
feedparser · 5
bleach · 5
ray · 5
lmdb · 5
Weblate · 5
oauthenticator · 5
mitmproxy · 5
jupyterlab · 5
jupyterhub · 5
langchain-experimental · 5
python-gnupg · 5
pretix · 5
GitPython · 4
Keystone · 4
setuptools · 4
xml2rfc · 4
flask-appbuilder · 4
FreeTAKServer-UI · 4
httpie · 4
jwcrypto · 4
django-helpdesk · 4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk · 4
PyPDF2 · 4
indy-node · 4
aws-iot-device-sdk-v2 · 4
frappe · 4
RestrictedPython · 4
pywasm3 · 4
homeassistant · 4
jinja2 · 4
InvokeAI · 4
nvflare · 4
skops · 4
weblate · 4
flask-cors · 4
qutebrowser · 4
streamlit · 4
koji · 4
Pygments · 4
tripleo-heat-templates · 4
pandasai · 4
paramiko · 4
barbican · 4
buildbot · 4
reportlab · 4
bottle · 4
Radicale · 4
markdown2 · 4
dbt-core · 4
awsiotsdk · 4
pytorch-lightning · 4
starlette · 4
flask · 4
Scrapy · 4
Nova · 4
MaterialX · 4
Flask-Security-Too · 4
openstack-heat · 3
gunicorn · 3
langroid · 3
anki · 3
jupyter-server-proxy · 3
slixmpp · 3
ajenti · 3
monai · 3
Filter by Repository
https://github.com/tensorflow/tensorflow · 433
https://github.com/django/django · 119
https://github.com/apache/airflow · 104
https://github.com/ansible/ansible · 59
https://github.com/python-pillow/Pillow · 52
https://github.com/vyperlang/vyper · 44
https://github.com/saltstack/salt · 42
https://github.com/ikus060/rdiffweb · 42
https://github.com/mmaitre314/picklescan · 39
https://github.com/openstack/nova · 38
https://github.com/gradio-app/gradio · 38
https://github.com/plone/Products.CMFPlone · 37
https://github.com/mlflow/mlflow · 35
https://github.com/opencv/opencv · 32
https://github.com/matrix-org/synapse · 32
https://github.com/PaddlePaddle/Paddle · 31
https://github.com/openstack/keystone · 28
https://github.com/langchain-ai/langchain · 24
https://github.com/run-llama/llama_index · 23
https://github.com/pyload/pyload · 23
https://github.com/vllm-project/vllm · 22
https://github.com/ethyca/fides · 20
https://github.com/huggingface/transformers · 19
https://github.com/vantage6/vantage6 · 17
https://github.com/mindsdb/mindsdb · 17
https://github.com/pyca/cryptography · 16
https://github.com/aio-libs/aiohttp · 15
https://github.com/cobbler/cobbler · 15
https://github.com/MobSF/Mobile-Security-Framework-MobSF · 15
https://github.com/janeczku/calibre-web · 14
https://github.com/pgadmin-org/pgadmin4 · 14
https://github.com/apache/superset · 14
https://github.com/urllib3/urllib3 · 14
https://github.com/dpgaspar/Flask-AppBuilder · 14
https://github.com/twisted/twisted · 14
https://github.com/modoboa/modoboa · 13
https://github.com/wagtail/wagtail · 12
https://github.com/getsentry/sentry · 12
https://github.com/openstack/glance · 12
https://github.com/nautobot/nautobot · 12
https://github.com/zenml-io/zenml · 12
https://github.com/h2oai/h2o-3 · 12
https://github.com/OctoPrint/OctoPrint · 12
https://github.com/parisneo/lollms · 11
https://github.com/onionshare/onionshare · 11
https://github.com/scrapy/scrapy · 11
https://github.com/Pylons/waitress · 11
https://github.com/HumanSignal/label-studio · 10
https://github.com/jupyter/notebook · 10
https://github.com/faucetsdn/ryu · 9
https://github.com/BerriAI/litellm · 9
https://github.com/lief-project/LIEF · 9
https://github.com/openstack/horizon · 9
https://github.com/aimhubio/aim · 9
https://github.com/open-webui/open-webui · 9
https://github.com/giampaolo/pyftpdlib · 9
https://github.com/zopefoundation/Zope · 9
https://github.com/WeblateOrg/weblate · 9
https://github.com/openstack/neutron · 8
https://github.com/element-hq/synapse · 8
https://github.com/9001/copyparty · 8
https://github.com/numpy/numpy · 8
https://github.com/tornadoweb/tornado · 8
https://github.com/dgtlmoon/changedetection.io · 8
https://github.com/ckan/ckan · 8
https://github.com/ipython/ipython · 8
https://github.com/kiwitcms/Kiwi · 8
https://github.com/pallets/werkzeug · 8
https://github.com/octoprint/octoprint · 8
https://github.com/pytorch/executorch · 7
https://github.com/aubio/aubio · 7
https://github.com/openstack/cinder · 7
https://github.com/Ericsson/codechecker · 7
https://github.com/indico/indico · 7
https://github.com/pypa/pip · 7
https://github.com/jupyter-server/jupyter_server · 7
https://sourceforge.net/projects/sourceforge.net · 7
https://github.com/openstack/swift · 7
https://github.com/pytorch/pytorch · 7
https://github.com/pallets/jinja · 7
https://github.com/keylime/keylime · 6
https://github.com/graphite-project/graphite-web · 6
https://github.com/yt-dlp/yt-dlp · 6
https://github.com/corydolphin/flask-cors · 6
https://github.com/roundup-tracker/roundup · 6
https://github.com/matrix-org/sydent · 6
https://github.com/jupyterlab/jupyterlab · 6
https://github.com/keras-team/keras · 6
https://github.com/lxml/lxml · 6
https://github.com/psf/requests · 6
https://github.com/modelscope/agentscope · 6
https://github.com/man-group/dtale · 6
https://github.com/benbusby/whoogle-search · 6
https://github.com/snowflakedb/snowflake-connector-python · 6
https://github.com/onnx/onnx · 5
https://github.com/jupyterhub/oauthenticator · 5
https://github.com/mozilla/bleach · 5
https://github.com/gitpython-developers/GitPython · 5
https://github.com/ome/omero-web · 5
https://github.com/hwchase17/langchain · 5
https://github.com/tryton/trytond · 5
https://github.com/ComposioHQ/composio · 5
https://github.com/encode/starlette · 5
https://github.com/py-pdf/pypdf · 5
https://github.com/TeamSeri0us/pocs · 5
https://github.com/pytorch/serve · 5
https://github.com/bentoml/BentoML · 5
https://github.com/esphome/esphome · 5
https://github.com/ray-project/ray · 5
https://github.com/Exiv2/exiv2 · 5
https://github.com/mitmproxy/mitmproxy · 5
https://github.com/inventree/InvenTree · 5
https://github.com/jhpyle/docassemble · 4
https://github.com/NVIDIA/NVFlare · 4
https://github.com/langflow-ai/langflow · 4
https://github.com/streamlit/streamlit · 4
https://github.com/qutebrowser/qutebrowser · 4
https://github.com/pretix/pretix · 4
https://github.com/ietf-tools/xml2rfc · 4
https://github.com/nltk/nltk · 4
https://github.com/pallets/flask · 4
https://github.com/wasm3/wasm3 · 4
https://github.com/Cog-Creators/Red-DiscordBot · 4
https://github.com/frappe/frappe · 4
https://github.com/hyperledger/indy-node · 4
https://github.com/jupyterhub/jupyterhub · 4
https://github.com/django-helpdesk/django-helpdesk · 4
https://github.com/home-assistant/core · 4
https://github.com/web2py/web2py · 4
https://github.com/AcademySoftwareFoundation/openexr · 4
https://github.com/Kozea/Radicale · 4
https://github.com/dbt-labs/dbt-core · 4
https://github.com/zopefoundation/RestrictedPython · 4
https://github.com/bottlepy/bottle · 4
https://github.com/pypa/setuptools · 4
https://github.com/ronf/asyncssh · 4
https://github.com/eosphoros-ai/DB-GPT · 4
https://github.com/grpc/grpc · 4
https://github.com/AcademySoftwareFoundation/MaterialX · 4
https://github.com/saleor/saleor · 4
https://github.com/latchset/jwcrypto · 4
https://github.com/rohe/pysaml2 · 4
https://github.com/berriai/litellm · 4
https://github.com/mlc-ai/xgrammar · 4
https://github.com/FreeTAKTeam/UI · 4
https://github.com/aws/aws-iot-device-sdk-java-v2 · 4
https://github.com/poezio/slixmpp · 3
https://github.com/modelscope/ms-swift · 3
https://github.com/beancount/fava · 3
https://github.com/eventlet/eventlet · 3
https://github.com/langroid/langroid · 3
https://github.com/lepture/mistune · 3
https://github.com/Flask-Middleware/flask-security · 3
https://github.com/sosreport/sos · 3
https://gitlab.com/mayan-edms/mayan-edms · 3
https://github.com/Project-MONAI/MONAI · 3
https://github.com/openstack/octavia · 3
https://github.com/impredicative/bitlyshortener · 3
https://github.com/pyinstaller/pyinstaller · 3
https://github.com/trentm/python-markdown2 · 3
https://github.com/adamghill/django-unicorn · 3
https://github.com/python/cpython · 3
https://github.com/NASA-AMMOS/AIT-Core · 3
https://github.com/sqlalchemy/sqlalchemy · 3
https://github.com/certifi/python-certifi · 3
https://github.com/pygments/pygments · 3
https://github.com/jpadilla/pyjwt · 3
https://github.com/moinwiki/moin-1.9 · 3
https://github.com/Gerapy/Gerapy · 3
https://github.com/rochacbruno/quokka · 3
https://github.com/paramiko/paramiko · 3
https://github.com/djblets/djblets · 3
https://github.com/mpdavis/python-jose · 3
https://github.com/theupdateframework/tuf · 3
https://github.com/stephenmcd/mezzanine · 3
https://github.com/micropython/micropython · 3
https://github.com/aws/sagemaker-python-sdk · 3
https://github.com/skops-dev/skops · 3
https://github.com/github/securitylab · 3
https://github.com/pyca/pyopenssl · 3
https://github.com/openstack/ironic · 3
https://github.com/litestar-org/litestar · 3
https://github.com/invoke-ai/InvokeAI · 3
https://github.com/gventuri/pandas-ai · 3
https://github.com/ankitects/anki · 3
https://github.com/geyang/ml-logger · 3
https://github.com/yaml/pyyaml · 3
https://github.com/IdentityPython/pysaml2 · 3
https://github.com/benoitc/gunicorn · 3
https://github.com/andialbrecht/sqlparse · 3
https://github.com/khoj-ai/khoj · 3
https://github.com/dlitz/pycrypto · 3
https://github.com/zopefoundation/AccessControl · 3
https://github.com/ansible/ansible-runner · 3
https://github.com/aws/aws-sam-cli · 3
https://github.com/simonw/datasette · 3
https://github.com/GeoNode/geonode · 3
https://github.com/jupyterhub/jupyter-server-proxy · 3
https://sourceforge.net/projects/roject · 3