
pypi
735,275 packages · pypi.org
Critical Security Advisories in pypi
Critical
2 days ago
Apache Pyfory python is vulnerable to deserialization of untrusted data
pypi
pyfury, pyfory
Critical
11 days ago
H2O affected by a deserialization vulnerability
pypi, maven
h2o, ai.h2o:h2o-core
Critical
18 days ago
mcp-kubernetes-server has an OS Command Injection vulnerability
pypi
mcp-kubernetes-server
Critical
23 days ago
Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
pypi
picklescan
Critical
23 days ago
Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports
pypi
picklescan
Critical
28 days ago
internetarchive Vulnerable to Directory Traversal in File.download()
pypi
internetarchive
Critical
29 days ago
Pixar OpenUSD Sdf_PathNode Module Use-After-Free Vulnerability Leading to Potential Remote Code Execution
pypi
usd-core
Critical
30 days ago
DeepDiff Class Pollution in Delta class leading to DoS, Remote Code Execution, and more
pypi
deepdiff
Critical
2 months ago
pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE)
pypi
pyload-ng
Critical
2 months ago
num2words subjected to phishing attack, two versions published containing malware
pypi
num2words
Critical
2 months ago
smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module
pypi
smolagents
Critical
3 months ago
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator
pypi
apache-airflow-providers-snowflake
Critical
4 months ago
rfc3161-client has insufficient verification for timestamp response signatures
pypi
rfc3161-client
Critical
4 months ago
Salt vulnerable to directory traversal attack in file receiving method
pypi
salt
Critical
5 months ago
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
pypi
vllm
Critical
5 months ago
Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL
pypi
browser-use
Critical
5 months ago
CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0
pypi
vllm
Critical
6 months ago
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
pypi
torch
Critical
6 months ago
TigerVNC accessible via the network and not just via a UNIX socket as intended
pypi
jupyter-remote-desktop-proxy
Critical
6 months ago
BentoML's runner server Vulnerable to Remote Code Execution (RCE) via Insecure Deserialization
pypi
bentoml
Critical
6 months ago
LNbits Lightning Network Payment System Vulnerable to Server-Side Request Forgery via LNURL Authentication Callback
pypi
lnbits
Critical
6 months ago
BentoML Allows Remote Code Execution (RCE) via Insecure Deserialization
pypi
bentoml
Critical
6 months ago
pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering
pypi
pgadmin4
Critical
7 months ago
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
pypi
vllm
Critical
7 months ago
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
pypi
vllm
Critical
7 months ago
llama-index-packs-finchat SQL Injection vulnerability
pypi
llama-index-packs-finchat
Critical
7 months ago
LlamaIndex Retrievers Integration: DuckDBRetriever SQL Injection
pypi
llama-index-retrievers-duckdb-retriever
Critical
7 months ago
DB-GPT Absolute Path Traversal in knowledge/{space_name}/document/upload
pypi
dbgpt
Critical
7 months ago
DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users
pypi
dbgpt
Critical
7 months ago
H2O Deserialization of Untrusted Data Vulnerability
maven, pypi
ai.h2o:h2o-core, h2o
Critical
7 months ago
Qiskit allows arbitrary code execution decoding QPY format versions < 13
pypi
qiskit, qiskit-terra
Critical
7 months ago
LTI JupyterHub Authenticator does not properly validate JWT Signature
pypi
jupyterhub-ltiauthenticator
Critical
8 months ago
PandasAI interactive prompt function Remote Code Execution (RCE)
pypi
pandasai
Critical
8 months ago
Django-Unicorn Class Pollution Vulnerability, Leading to XSS, DoS and Authentication Bypass
pypi
django-unicorn
Critical
9 months ago
Sentry's improper authentication on SAML SSO process allows user impersonation
pypi
sentry
Critical
9 months ago
Rasa Allows Remote Code Execution via Remote Model Loading
pypi
rasa, rasa-pro
Critical
11 months ago
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
pypi
cobbler
Critical
11 months ago
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
pypi
codechecker
Critical
11 months ago
codechecker vulnerable to authentication bypass when using specifically crafted URLs
pypi
codechecker
Critical
11 months ago
Waitress has request processing race condition in HTTP pipelining with invalid first request
pypi
waitress
Critical
12 months ago
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
pypi
changedetection.io
Critical
about 1 year ago
LangChain Experimental Eval Injection vulnerability
pypi
langchain-experimental
Critical
about 1 year ago
H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL
pypi, maven
h2o, ai.h2o:h2o-core
Critical
about 1 year ago
LlamaIndex includes an exec call for `import {cls_name}`
pypi
llama-index-core
Critical
about 1 year ago
TorchServe vulnerable to bypass of allowed_urls configuration
pypi
torchserve
Critical
about 1 year ago
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
pypi
fiona
Critical
about 1 year ago
langchain-experimental vulnerable to Arbitrary Code Execution
pypi
langchain-experimental
Critical
over 1 year ago
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
pypi
Gradio
Critical
over 1 year ago
litellm vulnerable to remote code execution based on using eval unsafely
pypi
litellm
Critical
over 1 year ago
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
pypi
lightning
Critical
over 1 year ago
vanna vulnerable to remote code execution caused by prompt injection
pypi
vanna
Critical
over 1 year ago
Apache Submarine Server Core Incorrect Authorization vulnerability
pypi, maven
apache-submarine, org.apache.submarine:submarine-server-core
Critical
over 1 year ago
Jupyter Server Proxy has a reflected XSS issue in host parameter
pypi
jupyter-server-proxy
Critical
over 1 year ago
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
pypi
document-merge-service