pypi
755,850 packages · pypi.org
Security Advisories in pypi
Critical
8 months ago
LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection
pypi
llama-index-retrievers-duckdb-retriever
Moderate
8 months ago
langchain-core allows unauthorized users to read arbitrary files from the host file system
pypi
langchain-core
Critical
8 months ago
DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users
pypi
dbgpt
Critical
8 months ago
DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload
pypi
dbgpt
High
8 months ago
InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`
pypi
InvokeAI
High
8 months ago
H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint
maven, pypi
ai.h2o:h2o-core, h2o
Critical
8 months ago
H2O Deserialization of Untrusted Data Vulnerability
maven, pypi
ai.h2o:h2o-core, h2o
High
8 months ago
H2O Vulnerable to Denial of Service (DoS) and File Write
maven, pypi
ai.h2o:h2o-ext-xgboost, h2o
High
8 months ago
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint
maven, pypi
ai.h2o:h2o-core, h2o
Moderate
8 months ago
Apache Airflow MySQL Provider is Vulnerable to SQL Injection
pypi
apache-airflow-providers-mysql
High
8 months ago
PostQuantum-Feldman-VSS's Dependency Vulnerability in gmpy2 Leading to Interpreter Crash
pypi
PostQuantum-Feldman-VSS
Critical
8 months ago
Qiskit allows arbitrary code execution decoding QPY format versions < 13
pypi
qiskit, qiskit-terra
Moderate
8 months ago
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`
pypi
PostQuantum-Feldman-VSS
Moderate
8 months ago
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
pypi
PostQuantum-Feldman-VSS
Moderate
9 months ago
Azure PromptFlow remote code execution related to Jinja templates
pypi
promptflow-core, promptflow-tools
Moderate
9 months ago
Django vulnerable to Allocation of Resources Without Limits or Throttling
pypi
Django
Moderate
9 months ago
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
pypi
Jinja2
High
9 months ago
dmlc/dgl Vulnerable to Remote Code Execution by Pickle Deserialization via rpc.recv_request()
pypi
dgl
Moderate
9 months ago
Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
pypi
picklescan
Moderate
9 months ago
PyTorch Model Files Can Bypass Pickle Scanners via Unexpected Pickle Extensions
pypi
picklescan
Moderate
9 months ago
CodeChecker open redirect when URL contains multiple slashes after the product name
pypi
codechecker
High
9 months ago
Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
pypi
spotipy
Low
9 months ago
copyparty renders unsanitized filenames as HTML when user uploads empty files
pypi
copyparty
Critical
9 months ago
LTI JupyterHub Authenticator does not properly validate JWT Signature
pypi
jupyterhub-ltiauthenticator
High
9 months ago
Maliciously crafted QPY files can allow Remote Attackers to Cause Denial of Service in Qiskit
pypi
qiskit-terra, qiskit
High
9 months ago
Home Assistant does not correctly validate SSL for outgoing requests in core and used libs
pypi
homeassistant
Moderate
9 months ago
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
pypi
keylime
High
9 months ago
Label Studio allows Server-Side Request Forgery in the S3 Storage Endpoint
pypi
label-studio
Moderate
9 months ago
Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint
pypi
label-studio
High
9 months ago
Label Studio has a Path Traversal Vulnerability via image Field
pypi
label-studio-sdk
Critical
10 months ago
PandasAI interactive prompt function Remote Code Execution (RCE)
pypi
pandasai
Low
10 months ago
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
pypi
vllm
High
10 months ago
CKAN has an XSS vector in user uploaded images in group/org and user profiles
pypi
ckan
Critical
10 months ago
Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
pypi
django-unicorn
High
10 months ago
snowflake-connector-python vulnerable to SQL Injection in write_pandas
pypi
snowflake-connector-python
Moderate
10 months ago
snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache
pypi
snowflake-connector-python
Moderate
10 months ago
snowflake-connector-python vulnerable to insecure cache files permissions
pypi
snowflake-connector-python
High
10 months ago
vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator
pypi
vllm
High
10 months ago
ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape
pypi
asteval
High
10 months ago
ASTEVAL Allows Malicious Tampering of Exposed AST Nodes, Leading to Sandbox Escape
pypi
asteval
High
10 months ago
try/except* clauses could allow bypassing RestrictedPython via type confusion bug in the CPython interpreter
pypi
RestrictedPython
High
10 months ago
sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
pypi
duckdb
High
10 months ago
nbgrader's `frame-ancestors: self` grants all users access to formgrader
pypi
nbgrader
Critical
10 months ago
Sentry's improper authentication on SAML SSO process allows user impersonation
pypi
sentry
Moderate
10 months ago
Django has a potential denial-of-service vulnerability in IPv6 validation
pypi
Django
Critical
10 months ago
Rasa Allows Remote Code Execution via Remote Model Loading
pypi
rasa, rasa-pro
Low
11 months ago
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
pypi
strawberry-graphql
Filter by Package
tensorflow
433
tensorflow-cpu
409
tensorflow-gpu
394
apache-airflow
89
Django
89
salt
65
ansible
64
apache-superset
61
mlflow
55
Plone
54
django
48
nova
48
vyper
44
gradio
44
matrix-synapse
43
rdiffweb
42
plone
41
picklescan
39
moin
35
keystone
32
vllm
31
opencv-python
31
opencv-contrib-python
31
Pillow
28
pillow
28
open-webui
27
pyload-ng
24
glance
21
ethyca-fides
20
aim
20
neutron
19
langchain
19
transformers
19
cobbler
18
mindsdb
18
mercurial
18
calibreweb
17
notebook
17
cryptography
17
OctoPrint
17
paddlepaddle
16
pgadmin4
16
lollms
16
PaddlePaddle
16
h2o
15
aiohttp
15
urllib3
14
modoboa
14
zenml
14
litellm
14
pyftpdlib
14
mobsf
14
vantage6
14
roundup
13
twisted
12
sentry
12
wagtail
12
swift
12
nautobot
12
horizon
11
onionshare-cli
11
waitress
11
label-studio
11
ckan
11
ai.h2o:h2o-core
11
trytond
10
opencv-python-headless
10
Flask-AppBuilder
10
kiwitcms
9
changedetection.io
9
keras
9
opencv-contrib-python-headless
9
cinder
9
ryu
9
zope
9
agentscope
9
lief
9
llama-index
9
dbgpt
8
aubio
8
ipython
8
llama-index-core
8
trac
8
Zope
8
pip
8
copyparty
8
indico
8
tornado
8
bentoml
8
python-keystoneclient
8
numpy
8
Zope2
8
requests
7
scrapy
7
jupyter-server
7
codechecker
7
executorch
7
inventree
7
matrix-sydent
7
web2py
7
pysaml2
7
yt-dlp
6
mailman
6
lxml
6
torchserve
6
OpenEXR
6
tuf
6
mage-ai
6
Moin
6
dtale
6
graphite-web
6
ansible-core
6
snowflake-connector-python
6
apache-airflow-providers-apache-hive
6
Jinja2
6
Mezzanine
6
langflow
6
torch
6
whoogle-search
6
Weblate
5
pypdf
5
nltk
5
langchain-community
5
oauthenticator
5
grpcio
5
onnx
5
open-webui
5
keylime
5
bleach
5
grpc
5
pretix
5
python-gnupg
5
mitmproxy
5
lmdb
5
esphome
5
saleor
5
jupyterlab
5
werkzeug
5
composio-core
5
fschat
5
omero-web
5
jupyterhub
5
ray
5
starlette
5
feedparser
5
mayan-edms
5
Products.CMFPlone
5
homeassistant
5
ait-core
5
langchain-experimental
5
weblate
5
Werkzeug
5
jwcrypto
4
bottle
4
llamafactory
4
flask-cors
4
Flask-Security-Too
4
flask
4
Pygments
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
litestar
4
motioneye
4
FreeTAKServer-UI
4
paramiko
4
setuptools
4
PyPDF2
4
streamlit
4
aws-iot-device-sdk-v2
4
bbot
4
pyspark
4
xml2rfc
4
tripleo-heat-templates
4
skops
4
buildbot
4
Keystone
4
nvflare
4
octoprint
4
langchain-core
4
barbican
4
datasette
4
Radicale
4
jinja2
4
authlib
4
Scrapy
4
RestrictedPython
4
InvokeAI
4
reportlab
4
flask-appbuilder
4
qutebrowser
4
python-ldap
4
pywasm3
4
indy-node
4
dbt-core
4
GitPython
4
httpie
4
awsiotsdk
4
koji
4
pytorch-lightning
4
pandasai
4
Nova
4
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/django/django
121
https://github.com/apache/airflow
105
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/vyperlang/vyper
44
https://github.com/saltstack/salt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/mmaitre314/picklescan
39
https://github.com/gradio-app/gradio
39
https://github.com/openstack/nova
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
36
https://github.com/opencv/opencv
32
https://github.com/matrix-org/synapse
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/openstack/keystone
28
https://github.com/vllm-project/vllm
25
https://github.com/langchain-ai/langchain
25
https://github.com/run-llama/llama_index
24
https://github.com/pyload/pyload
24
https://github.com/ethyca/fides
20
https://github.com/huggingface/transformers
19
https://github.com/vantage6/vantage6
17
https://github.com/mindsdb/mindsdb
17
https://github.com/pyca/cryptography
16
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/aio-libs/aiohttp
15
https://github.com/cobbler/cobbler
15
https://github.com/apache/superset
14
https://github.com/urllib3/urllib3
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/twisted/twisted
14
https://github.com/janeczku/calibre-web
14
https://github.com/zenml-io/zenml
13
https://github.com/modoboa/modoboa
13
https://github.com/h2oai/h2o-3
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/nautobot/nautobot
12
https://github.com/openstack/glance
12
https://github.com/getsentry/sentry
12
https://github.com/wagtail/wagtail
12
https://github.com/parisneo/lollms
11
https://github.com/open-webui/open-webui
11
https://github.com/Pylons/waitress
11
https://github.com/onionshare/onionshare
11
https://github.com/scrapy/scrapy
11
https://github.com/HumanSignal/label-studio
10
https://github.com/ckan/ckan
10
https://github.com/WeblateOrg/weblate
10
https://github.com/jupyter/notebook
10
https://github.com/lief-project/LIEF
9
https://github.com/element-hq/synapse
9
https://github.com/keras-team/keras
9
https://github.com/BerriAI/litellm
9
https://github.com/giampaolo/pyftpdlib
9
https://github.com/zopefoundation/Zope
9
https://github.com/openstack/horizon
9
https://github.com/faucetsdn/ryu
9
https://github.com/aimhubio/aim
9
https://github.com/ipython/ipython
8
https://github.com/tornadoweb/tornado
8
https://github.com/pallets/werkzeug
8
https://github.com/numpy/numpy
8
https://github.com/octoprint/octoprint
8
https://github.com/9001/copyparty
8
https://github.com/openstack/neutron
8
https://github.com/kiwitcms/Kiwi
8
https://github.com/dgtlmoon/changedetection.io
8
https://github.com/jupyter-server/jupyter_server
7
https://github.com/indico/indico
7
https://github.com/py-pdf/pypdf
7
https://github.com/pypa/pip
7
https://github.com/pytorch/executorch
7
https://github.com/aubio/aubio
7
https://github.com/Ericsson/codechecker
7
https://sourceforge.net/projects/sourceforge.net
7
https://github.com/openstack/cinder
7
https://github.com/openstack/swift
7
https://github.com/pytorch/pytorch
7
https://github.com/pallets/jinja
7
https://github.com/modelscope/agentscope
6
https://github.com/man-group/dtale
6
https://github.com/psf/requests
6
https://github.com/matrix-org/sydent
6
https://github.com/jupyterlab/jupyterlab
6
https://github.com/benbusby/whoogle-search
6
https://github.com/roundup-tracker/roundup
6
https://github.com/lxml/lxml
6
https://github.com/corydolphin/flask-cors
6
https://github.com/snowflakedb/snowflake-connector-python
6
https://github.com/graphite-project/graphite-web
6
https://github.com/keylime/keylime
6
https://github.com/yt-dlp/yt-dlp
6
https://github.com/inventree/InvenTree
5
https://github.com/tryton/trytond
5
https://github.com/onnx/onnx
5
https://github.com/jupyterhub/oauthenticator
5
https://github.com/mitmproxy/mitmproxy
5
https://github.com/esphome/esphome
5
https://github.com/bentoml/BentoML
5
https://github.com/pytorch/serve
5
https://github.com/TeamSeri0us/pocs
5
https://github.com/encode/starlette
5
https://github.com/home-assistant/core
5
https://github.com/ComposioHQ/composio
5
https://github.com/mozilla/bleach
5
https://github.com/gitpython-developers/GitPython
5
https://github.com/hwchase17/langchain
5
https://github.com/ome/omero-web
5
https://github.com/ray-project/ray
5
https://github.com/Exiv2/exiv2
5
https://github.com/django-helpdesk/django-helpdesk
4
https://github.com/Kozea/Radicale
4
https://github.com/python-ldap/python-ldap
4
https://github.com/NVIDIA/NVFlare
4
https://github.com/jupyterhub/jupyterhub
4
https://github.com/hiyouga/LLaMA-Factory
4
https://github.com/web2py/web2py
4
https://github.com/berriai/litellm
4
https://github.com/ietf-tools/xml2rfc
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/jhpyle/docassemble
4
https://github.com/FreeTAKTeam/UI
4
https://github.com/wasm3/wasm3
4
https://github.com/nltk/nltk
4
https://github.com/frappe/frappe
4
https://github.com/mlc-ai/xgrammar
4
https://github.com/latchset/jwcrypto
4
https://github.com/streamlit/streamlit
4
https://github.com/hyperledger/indy-node
4
https://github.com/zopefoundation/RestrictedPython
4
https://github.com/AcademySoftwareFoundation/openexr
4
https://github.com/litestar-org/litestar
4
https://github.com/pypa/setuptools
4
https://github.com/Cog-Creators/Red-DiscordBot
4
https://github.com/qutebrowser/qutebrowser
4
https://github.com/eosphoros-ai/DB-GPT
4
https://github.com/blacklanternsecurity/bbot
4
https://github.com/rohe/pysaml2
4
https://github.com/bottlepy/bottle
4
https://github.com/AcademySoftwareFoundation/MaterialX
4
https://github.com/ronf/asyncssh
4
https://github.com/langflow-ai/langflow
4
https://github.com/simonw/datasette
4
https://github.com/pallets/flask
4
https://github.com/saleor/saleor
4
https://github.com/pretix/pretix
4
https://github.com/grpc/grpc
4
https://github.com/dbt-labs/dbt-core
4
https://github.com/jpadilla/pyjwt
3
https://github.com/openstack/python-keystoneclient
3
https://github.com/eventlet/eventlet
3
https://github.com/moinwiki/moin-1.9
3
https://github.com/ankitects/anki
3
https://github.com/gventuri/pandas-ai
3
https://github.com/astral-sh/uv
3
https://github.com/theupdateframework/python-tuf
3
https://github.com/benoitc/gunicorn
3
https://github.com/aws/sagemaker-python-sdk
3
https://github.com/langchain-ai/langgraph
3
https://github.com/Kludex/python-multipart
3
https://github.com/aws/aws-sam-cli
3
https://github.com/furlongm/openvpn-monitor
3
https://github.com/langroid/langroid
3
https://github.com/djblets/djblets
3
https://github.com/mpdavis/python-jose
3
https://github.com/IdentityPython/pysaml2
3
https://github.com/impredicative/bitlyshortener
3
https://github.com/andialbrecht/sqlparse
3
https://github.com/Flask-Middleware/flask-security
3
https://github.com/pyinstaller/pyinstaller
3
https://github.com/dlitz/pycrypto
3
https://github.com/openstack/octavia
3
https://github.com/khoj-ai/khoj
3
https://github.com/openstack/ironic
3
https://github.com/chatchat-space/Langchain-Chatchat
3
https://github.com/Project-MONAI/MONAI
3
https://github.com/adamghill/django-unicorn
3
https://github.com/poezio/slixmpp
3
https://github.com/pyca/pyopenssl
3
https://github.com/ansible/ansible-runner
3
https://github.com/lepture/mistune
3
https://github.com/geyang/ml-logger
3
https://github.com/certifi/python-certifi
3
https://github.com/python/cpython
3
https://github.com/pygments/pygments
3
https://github.com/theupdateframework/tuf
3
https://github.com/sosreport/sos
3
https://github.com/Gerapy/Gerapy
3
https://github.com/micropython/micropython
3
https://github.com/zauberzeug/nicegui
3
https://github.com/trentm/python-markdown2
3
https://github.com/authlib/authlib
3
https://github.com/yaml/pyyaml
3
https://github.com/stephenmcd/mezzanine
3
https://github.com/DavidOsipov/PostQuantum-Feldman-VSS
3
https://github.com/GeoNode/geonode
3