pypi
761,655 packages · pypi.org
Low Security Advisories in pypi
Low
5 days ago
Calibre-Web Has a Stored Cross-Site Scripting (XSS) Vulnerability via the 'username' Field During User Creation
pypi
calibreweb
Low
11 days ago
Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control
pypi
tutor
Low
13 days ago
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
pypi
omero-web
Low
about 1 month ago
Weblate leaks the IP of project member inviting user to be reviewer in Audit log
pypi
weblate
Low
2 months ago
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables
pypi
datachain
Low
2 months ago
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
pypi
jupyterlab
Low
3 months ago
Fides has a Lack of Brute-Force Protections on Authentication Endpoints
pypi
ethyca-fides
Low
3 months ago
Fides' Admin UI User Password Change Does Not Invalidate Current Session
pypi
ethyca-fides
Low
3 months ago
MobSF Path Traversal in GET /download/<filename> using absolute filenames
pypi
mobsf
Low
3 months ago
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
pypi
Exiv2
Low
3 months ago
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
pypi
Exiv2
Low
4 months ago
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
pypi
MaterialX
Low
4 months ago
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
pypi
MaterialX
Low
5 months ago
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
pypi
aiohttp
Low
5 months ago
Transformers's Improper Input Validation vulnerability can be exploited through username injection
pypi
transformers
Low
6 months ago
pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
pypi
pyspur
Low
6 months ago
Upsonic is vulnerable to Path Traversal attack through its os.path.join function
pypi
upsonic
Low
6 months ago
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization
pypi
upsonic
Low
6 months ago
vantage6 lacks brute-force protection on change password functionality
pypi
vantage6
Low
6 months ago
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
pypi
vllm
Low
7 months ago
Vyper's `concat()` builtin may elide side-effects for zero-length arguments
pypi
vyper
Low
7 months ago
markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption
pypi
markdownify
Low
8 months ago
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
pypi
weblate
Low
9 months ago
Django TomSelect incomplete escaping of dangerous characters in widget attributes
pypi
django-tomselect
Low
9 months ago
copyparty renders unsanitized filenames as HTML when user uploads empty files
pypi
copyparty
Low
10 months ago
AugAssign evaluation order causing OOB write within the object in Vyper
pypi
vyper
Low
10 months ago
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
pypi
vllm
Low
11 months ago
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
pypi
strawberry-graphql
Low
11 months ago
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
Low
12 months ago
sigstore has insufficient validation of integration timestamp during verification
pypi
sigstore
Low
12 months ago
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
pypi
apache-superset
Low
about 1 year ago
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
pypi
ethyca-fides
Low
about 1 year ago
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
pypi
apache-airflow
Low
about 1 year ago
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
pypi
lollms
Low
about 1 year ago
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
pypi
gradio
Low
about 1 year ago
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
pypi
gradio
Low
about 1 year ago
open-webui allows enumeration of file names and traversal of directories by observing the error messages
pypi
open-webui
Low
over 1 year ago
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
pypi
ethyca-fides
Low
over 1 year ago
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
pypi
lti-consumer-xblock
Low
over 1 year ago
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
Low
over 1 year ago
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
pypi
puncia
Low
over 1 year ago
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
pypi
sentry-sdk
Low
over 1 year ago
dbt has an implicit override for built-in materializations from installed packages
pypi
dbt-core
Low
over 1 year ago
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
pypi
yt-dlp
Low
over 1 year ago
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
pypi
ethyca-fides
Low
over 1 year ago
Apache Airflow does not return the "Cache-Control" header for dynamic content
pypi
apache-airflow
Low
over 1 year ago
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
pypi
ethyca-fides
Low
over 1 year ago
vantage6 collaboration admins can extend their influence by expanding the collaboration
pypi
vantage6
Low
over 1 year ago
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
pypi
apache-airflow-providers-ftp
Filter by Package
tensorflow
105
tensorflow-cpu
102
tensorflow-gpu
97
vyper
12
ethyca-fides
9
nova
8
ansible
5
zenml
4
cryptography
4
vantage6
4
django
3
apache-airflow
3
nautobot
3
gradio
3
aiohttp
3
langchain
3
langchain-chatchat
3
matrix-synapse
3
weblate
3
apache-airflow-providers-fab
2
vllm
2
ceph-deploy
2
keystone
2
python-keystoneclient
2
transformers
2
vantage6-server
2
Zope
2
salt
2
glance
2
Exiv2
2
dbt-core
2
MaterialX
2
Flask-Security-Too
2
upsonic
2
open-webui
2
Weblate
2
plone
2
OctoPrint
2
freewvs
2
guarddog
2
horizon
2
wagtail
2
tuf
2
Nova
2
changedetection.io
2
nemo_toolkit
1
case-utils
1
ml-logger
1
com.github.tomakehurst:wiremock-jre8
1
cdo-local-uuid
1
saleor
1
hyper-bump-it
1
uv
1
spotipy
1
PyDrive2
1
kiwitcms
1
pdf2zh
1
net.sf.mpxj
1
copyparty
1
yt-dlp
1
Zope2
1
vng-api-common-utrecht
1
amundsen-frontend
1
reflex
1
aws-encryption-sdk-cli
1
vng-api-common
1
lief
1
django-registration
1
personnummer
1
puncia
1
datasette-graphql
1
golismero
1
plone.restapi
1
org.wiremock:wiremock-standalone
1
djangorestframework
1
flask
1
rdiffweb
1
django-tomselect
1
gradio_pdf
1
apache-libcloud
1
neutron
1
commonground-api-common
1
apache-superset
1
pyspur
1
net.sf.mpxj:mpxj
1
tqdm
1
aim
1
qiskit-ibm-runtime
1
Ansible
1
com.github.tomakehurst:wiremock-jre8-standalone
1
plone.namedfile
1
litestar
1
ipython
1
lollms
1
bitlyshortener
1
strawberry-graphql
1
qutebrowser
1
cloudtoken
1
flask-appbuilder
1
omero-web
1
django-ses
1
mpxj
1
tutor
1
RPLY
1
lti-consumer-xblock
1
datachain
1
SafeURL-Python
1
net.sf.mpxj-for-csharp
1
loggerhead
1
openapi-python-client
1
sentry
1
calibreweb
1
sickchill
1
fgr
1
cabot
1
org.wiremock:wiremock
1
apache-airflow-providers-ftp
1
jupyterlab
1
cryptoauthlib
1
anki
1
mysql-connector-python
1
mlflow
1
ms-swift
1
wiremock
1
oslo.utils
1
dynamodb-encryption-sdk
1
mobsf
1
Flask-AppBuilder
1
datasette
1
configobj
1
Keystone
1
ansible-core
1
Werkzeug
1
streamlit
1
openstack-heat
1
pyxdg
1
ironic
1
djangorestframework-simplejwt
1
xmpp-http-upload
1
markdownify
1
sentry-sdk
1
langchain-core
1
pypop-genomics
1
swift
1
PyJWT
1
webssh
1
certifi
1
torch
1
aworld
1
notebook
1
Pillow
1
net.sf.mpxj-for-vb
1
sigstore
1
Filter by Repository
https://github.com/tensorflow/tensorflow
105
https://github.com/vyperlang/vyper
12
https://github.com/openstack/nova
10
https://github.com/ethyca/fides
9
https://github.com/vantage6/vantage6
6
https://github.com/apache/airflow
6
https://github.com/ansible/ansible
6
https://github.com/WeblateOrg/weblate
5
https://github.com/pyca/cryptography
4
https://github.com/aio-libs/aiohttp
3
https://github.com/zenml-io/zenml
3
https://github.com/nautobot/nautobot
3
https://github.com/openstack/keystone
3
https://github.com/matrix-org/synapse
3
https://github.com/chatchat-space/Langchain-Chatchat
3
https://github.com/django/django
3
https://github.com/gradio-app/gradio
2
https://github.com/huggingface/transformers
2
https://github.com/saltstack/salt
2
https://github.com/vllm-project/vllm
2
https://github.com/DataDog/guarddog
2
https://github.com/ceph/ceph-deploy
2
https://github.com/schokokeksorg/freewvs
2
https://github.com/dbt-labs/dbt-core
2
https://github.com/zopefoundation/Zope
2
https://github.com/Upsonic/Upsonic
2
https://github.com/wagtail/wagtail
2
https://github.com/langchain-ai/langchain
2
https://github.com/openstack/horizon
2
https://github.com/octoprint/octoprint
2
https://github.com/Flask-Middleware/flask-security
2
https://github.com/AcademySoftwareFoundation/MaterialX
2
https://github.com/theupdateframework/python-tuf
2
https://github.com/dpgaspar/Flask-AppBuilder
2
https://github.com/Exiv2/exiv2
2
https://github.com/dan1hc/fgr
1
https://github.com/ankitects/anki
1
https://github.com/plone/plone.namedfile
1
https://github.com/sigstore/sigstore-python
1
https://github.com/kiwitcms/Kiwi
1
https://github.com/arachnys/cabot
1
https://github.com/pallets/flask
1
https://github.com/qutebrowser/qutebrowser
1
https://github.com/alex/rply
1
https://github.com/certifi/python-certifi
1
https://github.com/aws/aws-dynamodb-encryption-python
1
https://github.com/ipython/ipython
1
https://github.com/openedx/xblock-lti-consumer
1
https://github.com/geyang/ml-logger
1
https://github.com/inclusionAI/AWorld
1
https://github.com/alexlancaster/pypop
1
https://github.com/amundsen-io/amundsenfrontendlibrary
1
https://github.com/getsentry/sentry-python
1
https://github.com/PySpur-Dev/pyspur
1
https://github.com/openstack/glance
1
https://github.com/triaxtec/openapi-python-client
1
https://github.com/litestar-org/litestar
1
https://github.com/openstack/ironic
1
https://github.com/matthewwithanm/python-markdownify
1
https://github.com/impredicative/bitlyshortener
1
https://github.com/simonw/datasette
1
https://github.com/MicrochipTech/cryptoauthlib
1
https://github.com/yt-dlp/yt-dlp
1
https://github.com/encode/django-rest-framework
1
https://github.com/DiffSK/configobj
1
https://github.com/streamlit/streamlit
1
https://github.com/plone/plone.restapi
1
https://github.com/strawberry-graphql/strawberry
1
https://github.com/saleor/saleor
1
https://github.com/open-webui/open-webui
1
https://github.com/fog/fog
1
https://github.com/iterative/datachain
1
https://github.com/maykinmedia/commonground-api-common
1
https://github.com/ARPSyndicate/puncia
1
https://github.com/NVIDIA/NeMo
1
https://github.com/apache/superset
1
https://github.com/IncludeSecurity/safeurl-python
1
https://github.com/dgtlmoon/changedetection.io
1
https://github.com/astral-sh/uv
1
https://github.com/joniles/mpxj
1
https://github.com/mlflow/mlflow
1
https://github.com/wiremock/wiremock
1
https://github.com/9001/copyparty
1
https://github.com/fai1424/Vulnerability-Research
1
https://github.com/ubernostrum/django-registration
1
https://github.com/huashengdun/webssh
1
https://github.com/aws/aws-encryption-sdk-cli
1
https://github.com/personnummer/python
1
https://github.com/Qiskit/qiskit-ibm-runtime
1
https://github.com/horazont/xmpp-http-upload
1
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID
1
https://github.com/SickChill/sickchill
1
https://github.com/getsentry/sentry
1
https://github.com/ParisNeo/lollms
1
https://github.com/freddyaboulton/gradio-pdf
1
https://github.com/OmenApps/django-tomselect
1
https://github.com/openstack/python-keystoneclient
1
https://github.com/modelscope/ms-swift
1
https://github.com/jpadilla/pyjwt
1
https://github.com/pallets/werkzeug
1
https://github.com/MobSF/Mobile-Security-Framework-MobSF
1
https://github.com/openstack/neutron
1
https://github.com/lief-project/LIEF
1
https://github.com/reflex-dev/reflex
1
https://github.com/jupyter/notebook
1
https://github.com/plannigan/hyper-bump-it
1
https://github.com/takluyver/pyxdg
1
https://github.com/pytorch/pytorch
1
https://github.com/django-ses/django-ses
1
https://github.com/python-pillow/Pillow
1
https://github.com/PinkDraconian/PoC-Langchain-RCE
1
https://bitbucket.org/atlassian/cloudtoken
1
https://github.com/dmdhrumilmistry/CVEs
1
https://github.com/simonw/datasette-graphql
1
https://github.com/tqdm/tqdm
1
https://github.com/jupyterlab/jupyterlab
1
https://github.com/iterative/PyDrive2
1
https://github.com/ikus060/rdiffweb
1