pypi
755,850 packages · pypi.org
Moderate Security Advisories in pypi
Moderate
over 1 year ago
path traversal vulnerability was identified in the parisneo/lollms-webui
pypi
lollms
Moderate
over 1 year ago
code injection vulnerability exists in the huggingface/text-generation-inference repository
pypi
text-generation
Moderate
over 1 year ago
Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`
pypi
wagtail
Moderate
over 1 year ago
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
pypi
ethyca-fides
Moderate
over 1 year ago
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
pypi
nautobot
Moderate
over 1 year ago
dbt allows Binding to an Unrestricted IP Address via socketsocket
pypi
dbt-core
Moderate
over 1 year ago
jupyter-scheduler's endpoint is missing authentication
pypi
jupyter-scheduler
Moderate
over 1 year ago
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
pypi
gradio
Moderate
over 1 year ago
OMERO.web must check that the JSONP callback is a valid function
pypi
omero-web
Moderate
over 1 year ago
Requests `Session` object does not verify requests after making first request with verify=False
pypi
requests
Moderate
over 1 year ago
Scrapy leaks the authorization header on same-domain but cross-origin redirects
pypi
Scrapy
Moderate
over 1 year ago
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
pypi
apache-airflow
Moderate
over 1 year ago
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
pypi
Jinja2
Moderate
over 1 year ago
Gradio's Component Server does not properly consider `_is_server_fn` for functions
pypi
gradio
Moderate
over 1 year ago
changedetection.io Cross-site Scripting vulnerability
pypi
changedetection.io
Moderate
over 1 year ago
pgAdmin is affected by a multi-factor authentication bypass vulnerability
pypi
pgadmin4
Moderate
over 1 year ago
dcnnt-py is vulnerable to command injection via Notification Handler
pypi
dcnnt
Moderate
over 1 year ago
vyper performs double eval of the slice start/length args in certain cases
pypi
vyper
Moderate
over 1 year ago
social-auth-app-django affected by Improper Handling of Case Sensitivity
pypi
social-auth-app-django
Moderate
over 1 year ago
Synapse V2 state resolution weakness allows Denial of Service (DoS)
pypi
matrix-synapse
Moderate
over 1 year ago
flask-cors vulnerable to log injection when the log level is set to debug
pypi
flask-cors
Moderate
over 1 year ago
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
pypi
aiohttp
Moderate
over 1 year ago
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
pypi
apache-airflow
Moderate
over 1 year ago
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
pypi
magnum
Moderate
over 1 year ago
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
pypi
idna
Moderate
over 1 year ago
Potential DoS via the Tudoor mechanism in eventlet and dnspython
pypi
dnspython, eventlet
Moderate
over 1 year ago
Mobile Security Framework (MobSF) vulnerable to SSRF in firebase database check
pypi
mobsf
Moderate
over 1 year ago
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
pypi
saleor
Moderate
over 1 year ago
Apache Airflow Improper Preservation of Permissions vulnerability
pypi
apache-airflow
Moderate
over 1 year ago
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
pypi
langchain-core
Moderate
over 1 year ago
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
pypi
qiskit-ibm-runtime
Moderate
over 1 year ago
Black vulnerable to Regular Expression Denial of Service (ReDoS)
pypi
black
Moderate
over 1 year ago
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
pypi
OctoPrint
Moderate
over 1 year ago
vantage6 vulnerable to a username timing attack on recover password/MFA token
pypi
vantage6
Moderate
over 1 year ago
Django MarkdownX Cross-Site Scripting (XSS) vulnerability
pypi
django-markdownx
Moderate
over 1 year ago
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
pypi
jwcrypto
Moderate
over 1 year ago
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
pypi
esphome
Moderate
over 1 year ago
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
pypi
apache-airflow
Moderate
over 1 year ago
Apache Airflow: DAG Code and Import Error Permissions Ignored
pypi
apache-airflow
Moderate
over 1 year ago
Mezzanine allows attackers to bypass access controls via manipulating the Host header
pypi
Mezzanine
Moderate
over 1 year ago
Mezzanine allows attackers to bypass access control mechanisms
pypi
Mezzanine
Moderate
over 1 year ago
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
pypi
Flask-AppBuilder
Moderate
over 1 year ago
Apache Superset: Improper authorization validation on dashboards and charts import
pypi
apache-superset
Moderate
over 1 year ago
Apache Superset: Improper data authorization when creating a new dataset
pypi
apache-superset
Moderate
over 1 year ago
Apache Superset: Improper Neutralization of custom SQL on embedded context
pypi
apache-superset
Moderate
over 1 year ago
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
pypi
apache-superset
Moderate
almost 2 years ago
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config
pypi
label-studio
Moderate
almost 2 years ago
NoneBot Potential Information Leak in User-Constructed Message Templates
pypi
nonebot2
Moderate
almost 2 years ago
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
pypi
clearml
Moderate
almost 2 years ago
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
pypi
pyload-ng
Moderate
almost 2 years ago
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
pypi
m2crypto
Moderate
almost 2 years ago
Dash apps vulnerable to Cross-site Scripting
npm, pypi
dash-html-components, dash, dash-core-components
Moderate
almost 2 years ago
OctoPrint Unverified Password Change via Access Control Settings
pypi
OctoPrint
Moderate
almost 2 years ago
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
pypi
label-studio
Moderate
almost 2 years ago
vantage6 has insecure SSH configuration for node and server containers
pypi
vantage6
Moderate
almost 2 years ago
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
pypi
vyper
Filter by Package
tensorflow
200
tensorflow-cpu
188
tensorflow-gpu
181
apache-airflow
47
apache-superset
45
Django
39
picklescan
34
nova
29
plone
29
moin
27
ansible
26
Plone
23
django
20
gradio
20
matrix-synapse
20
salt
17
rdiffweb
16
vyper
15
glance
14
keystone
13
vllm
12
roundup
12
transformers
12
OctoPrint
10
PaddlePaddle
10
aiohttp
10
notebook
10
open-webui
9
horizon
9
urllib3
9
calibreweb
9
pyftpdlib
9
ckan
8
pyload-ng
8
opencv-python
8
opencv-contrib-python
8
modoboa
8
onionshare-cli
8
neutron
8
mlflow
8
mobsf
7
zenml
7
twisted
7
aim
6
Mezzanine
6
vantage6
6
swift
6
requests
6
Flask-AppBuilder
6
pypdf
6
wagtail
6
pgadmin4
6
lxml
6
indico
6
cinder
6
mage-ai
5
trac
5
trytond
5
ethyca-fides
5
mindsdb
5
cryptography
5
cobbler
5
mayan-edms
5
copyparty
5
Pillow
5
jupyter-server
5
web2py
5
OpenEXR
4
Scrapy
4
waitress
4
jwcrypto
4
sentry
4
snowflake-connector-python
4
ansible-core
4
jinja2
4
flask-cors
4
lollms
4
label-studio
4
lief
4
dtale
4
composio-core
4
pip
4
tornado
4
paddlepaddle
4
matrix-sydent
4
mailman
4
codechecker
4
pillow
4
PyPDF2
4
Products.CMFPlone
4
omero-web
4
zope
4
python-ldap
4
nautobot
3
Moin
3
eventlet
3
FreeTAKServer-UI
3
barbican
3
opencv-python-headless
3
AccessControl
3
buildbot
3
bleach
3
streamlit
3
micropython-io
3
flask-appbuilder
3
numpy
3
mercurial
3
werkzeug
3
scrapy
3
ipython
3
Keystone
3
ajenti
3
micropython-copy
3
aws-sam-cli
3
fava
3
tuf
3
datasette
3
feedparser
3
wasmtime
3
markdown2
3
saleor
3
Jinja2
3
wasmtime
3
graphite-web
3
opencv-contrib-python-headless
3
frappe
3
changedetection.io
3
inventree
3
litellm
3
pysaml2
3
whoogle-search
3
Werkzeug
2
python-cjson
2
docassemble.webapp
2
Zope2
2
ryu
2
Products.PluggableAuthService
2
uv
2
langchain-community
2
ujson
2
jupyterhub
2
parlai
2
xgrammar
2
social-auth-app-django
2
pywasm3
2
zope2
2
ms-swift
2
pydantic
2
Red-DiscordBot
2
archivy
2
sickrage
2
sosreport
2
khoj
2
ubi-reader
2
CherryMusic
2
ipsilon
2
aiosmtpd
2
python-keystoneclient
2
pymongo
2
wagtail-2fa
2
fastmcp
2
xml2rfc
2
pypickle
2
lmdeploy
2
weblate
2
pycares
2
wasm3
2
starlette
2
pretix
2
openzeppelin-cairo-contracts
2
httplib2
2
octoprint
2
dagster
2
bbot
2
langflow
2
django-cms
2
httpie
2
in-toto
2
langchain-core
2
mistune
2
kiwitcms
2
MaterialX
2
PostQuantum-Feldman-VSS
2
ml-logger
2
scancodeio
2
torchserve
2
dompurify
2
Roundup
2
python-apt
2
llama-index
2
SOAPpy
2
yt-dlp
2
exiv2
2
eth-abi
2
keras
2
libosdp
2
clearml
2
fastapi-admin
2
h2o
2
asyncssh
2
Filter by Repository
https://github.com/tensorflow/tensorflow
200
https://github.com/django/django
50
https://github.com/apache/airflow
44
https://github.com/mmaitre314/picklescan
34
https://github.com/ansible/ansible
26
https://github.com/plone/Products.CMFPlone
20
https://github.com/openstack/nova
18
https://github.com/matrix-org/synapse
16
https://github.com/ikus060/rdiffweb
16
https://github.com/gradio-app/gradio
16
https://github.com/vyperlang/vyper
15
https://github.com/PaddlePaddle/Paddle
14
https://github.com/saltstack/salt
14
https://github.com/huggingface/transformers
12
https://github.com/openstack/keystone
11
https://github.com/aio-libs/aiohttp
10
https://github.com/vllm-project/vllm
10
https://github.com/dpgaspar/Flask-AppBuilder
9
https://github.com/OctoPrint/OctoPrint
9
https://github.com/urllib3/urllib3
9
https://github.com/ckan/ckan
8
https://github.com/pyload/pyload
8
https://github.com/apache/superset
8
https://github.com/onionshare/onionshare
8
https://github.com/modoboa/modoboa
8
https://github.com/openstack/glance
8
https://github.com/python-pillow/Pillow
7
https://github.com/zenml-io/zenml
7
https://github.com/py-pdf/pypdf
7
https://github.com/janeczku/calibre-web
7
https://github.com/opencv/opencv
7
https://github.com/openstack/horizon
7
https://github.com/jupyter/notebook
7
https://github.com/scrapy/scrapy
7
https://github.com/MobSF/Mobile-Security-Framework-MobSF
7
https://github.com/lxml/lxml
6
https://github.com/psf/requests
6
https://github.com/run-llama/llama_index
6
https://github.com/roundup-tracker/roundup
6
https://github.com/wagtail/wagtail
6
https://github.com/pallets/jinja
6
https://github.com/giampaolo/pyftpdlib
6
https://github.com/vantage6/vantage6
6
https://github.com/twisted/twisted
6
https://github.com/9001/copyparty
5
https://github.com/langchain-ai/langchain
5
https://github.com/mlflow/mlflow
5
https://github.com/ethyca/fides
5
https://github.com/pgadmin-org/pgadmin4
5
https://github.com/indico/indico
5
https://github.com/pallets/werkzeug
4
https://github.com/matrix-org/sydent
4
https://github.com/Pylons/waitress
4
https://github.com/HumanSignal/label-studio
4
https://github.com/man-group/dtale
4
https://github.com/getsentry/sentry
4
https://github.com/snowflakedb/snowflake-connector-python
4
https://github.com/corydolphin/flask-cors
4
https://github.com/python-ldap/python-ldap
4
https://github.com/pyca/cryptography
4
https://github.com/jupyter-server/jupyter_server
4
https://github.com/pypa/pip
4
https://github.com/tornadoweb/tornado
4
https://github.com/openstack/cinder
4
https://github.com/cobbler/cobbler
4
https://github.com/ComposioHQ/composio
4
https://github.com/latchset/jwcrypto
4
https://github.com/Ericsson/codechecker
4
https://github.com/lief-project/LIEF
4
https://github.com/element-hq/synapse
4
https://github.com/dgtlmoon/changedetection.io
3
https://github.com/ome/omero-web
3
https://github.com/saleor/saleor
3
https://github.com/stephenmcd/mezzanine
3
https://github.com/streamlit/streamlit
3
https://github.com/AcademySoftwareFoundation/openexr
3
https://github.com/FreeTAKTeam/UI
3
https://github.com/jupyterlab/jupyterlab
3
https://github.com/frappe/frappe
3
https://github.com/simonw/datasette
3
https://github.com/mindsdb/mindsdb
3
https://github.com/octoprint/octoprint
3
https://github.com/aimhubio/aim
3
https://gitlab.com/mayan-edms/mayan-edms
3
https://github.com/graphite-project/graphite-web
3
https://github.com/micropython/micropython
3
https://github.com/zopefoundation/AccessControl
3
https://github.com/BerriAI/litellm
3
https://github.com/Cog-Creators/Red-DiscordBot
3
https://github.com/aws/aws-sam-cli
3
https://github.com/khoj-ai/khoj
3
https://github.com/WeblateOrg/weblate
3
https://github.com/Exiv2/exiv2
3
https://sourceforge.net/projects/sourceforge.net
3
https://github.com/benbusby/whoogle-search
3
https://github.com/ipython/ipython
3
https://github.com/bytecodealliance/wasmtime
3
https://github.com/nautobot/nautobot
3
https://github.com/numpy/numpy
3
https://github.com/openstack/swift
3
https://github.com/eventlet/eventlet
3
https://github.com/mlc-ai/xgrammar
3
https://github.com/beancount/fava
3
https://github.com/mozilla/bleach
3
https://github.com/ietf-tools/xml2rfc
2
https://github.com/web2py/web2py
2
https://github.com/wasm3/wasm3
2
https://github.com/geyang/ml-logger
2
https://github.com/faucetsdn/ryu
2
https://github.com/encode/starlette
2
https://github.com/ansible/ansible-runner
2
https://github.com/zopefoundation/Zope
2
https://github.com/ethereum/eth-abi
2
https://github.com/sosreport/sos
2
https://github.com/adamghill/django-unicorn
2
https://github.com/archivy/archivy
2
https://github.com/OpenZeppelin/cairo-contracts
2
https://github.com/modelscope/ms-swift
2
https://github.com/saghul/pycares
2
https://github.com/facebookresearch/ParlAI
2
https://github.com/moinwiki/moin-1.9
2
https://github.com/openstack/neutron
2
https://github.com/djblets/djblets
2
https://github.com/python-social-auth/social-app-django
2
https://github.com/yt-dlp/yt-dlp
2
https://github.com/html5lib/html5lib-python
2
https://github.com/dagster-io/dagster
2
https://github.com/tryton/trytond
2
https://github.com/pretix/pretix
2
https://github.com/mongodb/mongo-python-driver
2
https://github.com/open-webui/open-webui
2
https://github.com/XML-Security/signxml
2
https://github.com/keylime/keylime
2
https://github.com/httplib2/httplib2
2
https://github.com/jupyterhub/jupyterhub
2
https://github.com/trentm/python-markdown2
2
https://github.com/plone/Products.ATContentTypes
2
https://github.com/aio-libs/aiosmtpd
2
https://github.com/blacklanternsecurity/bbot
2
https://github.com/erdogant/pypickle
2
https://github.com/httpie/httpie
2
https://github.com/devsnd/cherrymusic
2
https://github.com/jlowin/fastmcp
2
https://github.com/bbangert/beaker
2
https://github.com/jhpyle/docassemble
2
https://github.com/astral-sh/uv
2
https://github.com/DavidOsipov/PostQuantum-Feldman-VSS
2
https://github.com/SiCKRAGE/SiCKRAGE
2
https://github.com/labd/wagtail-2fa
2
https://github.com/ronf/asyncssh
2
https://github.com/lepture/mistune
2
https://github.com/fastapi-admin/fastapi-admin
2
https://github.com/inventree/InvenTree
2
https://github.com/keras-team/keras
2
https://github.com/home-assistant/core
2
https://github.com/theupdateframework/tuf
2
https://github.com/InternLM/lmdeploy
2
https://github.com/parisneo/lollms
2
https://github.com/inveniosoftware/invenio-communities
2
https://github.com/goToMain/libosdp
2
https://github.com/nexB/scancode.io
2
https://github.com/jrspruitt/ubi_reader
2
https://github.com/IdentityPython/pysaml2
2
https://github.com/AcademySoftwareFoundation/MaterialX
2
https://github.com/cure53/DOMPurify
2
https://github.com/aws/aws-encryption-sdk-python
1
https://github.com/crossbario/autobahn-python
1
https://github.com/redis/redis-py
1
https://github.com/python-hyper/h2
1
https://github.com/ansible/ansible-modules-core
1
https://github.com/inventree/inventree
1
https://github.com/zopefoundation/Products.GenericSetup
1
https://github.com/zhmcclient/python-zhmcclient
1
https://github.com/aws/sagemaker-training-toolkit
1
https://github.com/modelscope/agentscope
1
https://github.com/mozilla/PollBot
1
https://github.com/Unstructured-IO/unstructured
1
https://github.com/contentful/the-example-app.py
1
https://github.com/Netflix/security_monkey
1
https://github.com/python-jsonschema/check-jsonschema
1
https://github.com/0x72303074/CVE-Disclosures
1
https://github.com/jupyter/jupyter_server
1
https://github.com/nitely/spirit
1
https://github.com/sqlfluff/sqlfluff
1
https://github.com/CybercentreCanada/assemblyline
1
https://github.com/bayuncao/vul-cve-20
1
https://github.com/sehmaschine/django-grappelli
1
https://github.com/Flask-Middleware/flask-security
1
https://github.com/huggingface/smolagents
1
https://github.com/openexr/openexr
1
https://github.com/collective/collective.task
1
https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0
1
https://github.com/openstack/python-openstackclient
1
https://github.com/opsmill/infrahub
1
https://github.com/aquynh/capstone
1
https://github.com/calix2/pyVulApp
1
https://github.com/cyface/django-termsandconditions
1
https://github.com/nonebot/nonebot2
1
https://github.com/themanojdesai/python-a2a
1