pypi
755,850 packages · pypi.org
Security Advisories in pypi
Moderate
11 months ago
Composio Command Execution vulnerability
pypi
composio-julep, composio-openai, composio-claude
Low
11 months ago
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
Moderate
11 months ago
khoj has an IDOR in subscription management allows unauthorized subscription modifications
pypi
khoj
High
11 months ago
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
pypi
changedetection.io
High
11 months ago
Amazon Redshift Python Connector vulnerable to SQL Injection
pypi
redshift_connector
Moderate
11 months ago
Jinja has a sandbox breakout through indirect reference to format method
pypi
jinja2
High
11 months ago
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
pypi
pyrage
Moderate
12 months ago
D-Tale allows Remote Code Execution through the Custom Filter Input
pypi
dtale
High
12 months ago
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access
pypi
apache-superset
Low
12 months ago
sigstore has insufficient validation of integration timestamp during verification
pypi
sigstore
Moderate
12 months ago
Apache Superset: Error verbosity exposes metadata in analytics databases
pypi
apache-superset
High
12 months ago
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled
pypi
apache-superset
Low
12 months ago
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
pypi
apache-superset
Moderate
12 months ago
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
pypi
mobsf
Moderate
12 months ago
Synapse Matrix has a partial room state leak via Sliding Sync
pypi
matrix-synapse
High
12 months ago
Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders
pypi
matrix-synapse
High
12 months ago
Synapse allows a malformed invite to break the invitee's `/sync`
pypi
matrix-synapse
High
12 months ago
Synapse allows unsupported content types to lead to memory exhaustion
pypi
matrix-synapse
Moderate
12 months ago
Synapse's unauthenticated writes to the media repository allow planting of problematic content
pypi
matrix-synapse
High
12 months ago
Synapse denial of service through media disk space consumption
pypi
matrix-synapse
High
12 months ago
Denial of service (DoS) via deformation `multipart/form-data` boundary
pypi
python-multipart
Moderate
12 months ago
Python package "zhmcclient" stores passwords in clear text in its HMC and API logs
pypi
zhmcclient
Moderate
12 months ago
check-jsonschema default caching for remote schemas allows for cache confusion
pypi
check-jsonschema
Low
12 months ago
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
pypi
ethyca-fides
High
12 months ago
MLflow's excessive directory permissions allow local privilege escalation
pypi
mlflow
Moderate
12 months ago
OpenStack Neutron can use an incorrect ID during policy enforcement
pypi
neutron
High
12 months ago
virtualenv allows command injection through activation scripts for a virtual environment
pypi
virtualenv
High
about 1 year ago
Deserialization of Untrusted Data in Hugging Face Transformers
pypi
transformers
High
about 1 year ago
Deserialization of Untrusted Data in Hugging Face Transformers
pypi
transformers
High
about 1 year ago
Deserialization of Untrusted Data in Hugging Face Transformers
pypi
transformers
Moderate
about 1 year ago
Sentry improper error handling leaks Application Integration Client Secret
pypi
sentry
High
about 1 year ago
Litestar allows unbounded resource consumption (DoS vulnerability)
pypi
starlite, litestar
Moderate
about 1 year ago
django CMS Attributes Field Cross-site Scripting
pypi
djangocms-attributes-field
Moderate
about 1 year ago
Django Filer Unrestricted Upload of File with Dangerous Type
pypi
django-filer
High
about 1 year ago
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
pypi
lxml-html-clean
Moderate
about 1 year ago
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
pypi
aiohttp
Moderate
about 1 year ago
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
pypi
aiohttp
Critical
about 1 year ago
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
pypi
cobbler
Moderate
about 1 year ago
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
pypi
calibreweb
High
about 1 year ago
Apache Airflow: Sensitive configuration values are not masked in the logs by default
pypi
airflow
Moderate
about 1 year ago
wasm3 uncontrolled memory allocation vulnerability
cargo, pypi, swift
wasm3, pywasm3, github.com/shareup/wasm-interpreter-apple
Low
about 1 year ago
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
pypi
apache-airflow
High
about 1 year ago
changedetection.io path traversal using file URI scheme without supplying hostname
pypi
changedetection.io
Moderate
about 1 year ago
Gradio vulnerable to arbitrary file read with File and UploadButton components
pypi
gradio
Critical
about 1 year ago
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
pypi
codechecker
Critical
about 1 year ago
codechecker vulnerable to authentication bypass when using specifically crafted URLs
pypi
codechecker
Moderate
about 1 year ago
OctoPrint has API key access in settings without reauthentication
pypi
OctoPrint
Moderate
about 1 year ago
Access control vulnerable to user data deletion by anonymous users
pypi
Zope, AccessControl
Critical
about 1 year ago
Waitress has request processing race condition in HTTP pipelining with invalid first request
pypi
waitress
High
about 1 year ago
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion
pypi
waitress
Moderate
about 1 year ago
MPXJ has a Potential Path Traversal Vulnerability
nuget, pypi, rubygems, maven
MPXJ.Net, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, mpxj, net.sf.mpxj:mpxj
High
about 1 year ago
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
pypi
pyload-ng
Moderate
about 1 year ago
Werkzeug possible resource exhaustion when parsing file data in forms
pypi
werkzeug
Moderate
about 1 year ago
The Snowflake Connector for Python stores sensitive data in logs
pypi
snowflake-connector-python
High
about 1 year ago
curl_cffi bundles a version of libcurl affected by High Severity vulnerability
pypi
curl-cffi
Moderate
about 1 year ago
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
pypi
exiv2