
pypi
735,275 packages · pypi.org
Low Security Advisories in pypi
Low
about 24 hours ago
DataChain Vulnerable to Deserialization of Untrusted Data from Environment Variables
pypi
datachain
Low
7 days ago
JupyterLab LaTeX typesetter links did not enforce `noopener` attribute
pypi
jupyterlab
Low
25 days ago
Fides has a Lack of Brute-Force Protections on Authentication Endpoints
pypi
ethyca-fides
Low
25 days ago
Fides' Admin UI User Password Change Does Not Invalidate Current Session
pypi
ethyca-fides
Low
about 1 month ago
MobSF Path Traversal in GET /download/<filename> using absolute filenames
pypi
mobsf
Low
about 1 month ago
Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata
pypi
Exiv2
Low
about 1 month ago
Exiv2 Segmentation Faults in Exiv2::EpsImage::writeMetadata() via crafted EPS file
pypi
Exiv2
Low
2 months ago
MaterialX Null Pointer Dereference in MaterialXCore Shader Generation due to Unchecked implGraphOutput
pypi
MaterialX
Low
2 months ago
MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
pypi
MaterialX
Low
3 months ago
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
pypi
aiohttp
Low
3 months ago
Transformers's Improper Input Validation vulnerability can be exploited through username injection
pypi
transformers
Low
3 months ago
pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
pypi
pyspur
Low
4 months ago
Upsonic has vulnerability in Pickle Handler component that can lead to deserialization
pypi
upsonic
Low
4 months ago
Upsonic is vulnerable to Path Traversal attack through its os.path.join function
pypi
upsonic
Low
4 months ago
vantage6 lacks brute-force protection on change password functionality
pypi
vantage6
Low
4 months ago
Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching
pypi
vllm
Low
5 months ago
Vyper's `concat()` builtin may elide side-effects for zero-length arguments
pypi
vyper
Low
5 months ago
markdownify allows large headline prefixes such as <h9999999>, which causes memory consumption
pypi
markdownify
Low
6 months ago
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
pypi
weblate
Low
6 months ago
Django TomSelect incomplete escaping of dangerous characters in widget attributes
pypi
django-tomselect
Low
7 months ago
copyparty renders unsanitized filenames as HTML when user uploads empty files
pypi
copyparty
Low
8 months ago
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
pypi
vllm
Low
9 months ago
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
pypi
strawberry-graphql
Low
9 months ago
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
Low
10 months ago
sigstore has insufficient validation of integration timestamp during verification
pypi
sigstore
Low
10 months ago
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
pypi
apache-superset
Low
10 months ago
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
pypi
ethyca-fides
Low
11 months ago
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
pypi
apache-airflow
Low
12 months ago
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
pypi
lollms
Low
12 months ago
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
pypi
gradio
Low
12 months ago
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
pypi
gradio
Low
12 months ago
open-webui allows enumeration of file names and traversal of directories by observing the error messages
pypi
open-webui
Low
about 1 year ago
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
pypi
ethyca-fides
Low
about 1 year ago
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
pypi
lti-consumer-xblock
Low
about 1 year ago
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
Low
about 1 year ago
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
pypi
puncia
Low
about 1 year ago
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
pypi
sentry-sdk
Low
about 1 year ago
dbt has an implicit override for built-in materializations from installed packages
pypi
dbt-core
Low
about 1 year ago
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
pypi
yt-dlp
Low
over 1 year ago
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
pypi
ethyca-fides
Low
over 1 year ago
Apache Airflow does not return the "Cache-Control" header for dynamic content
pypi
apache-airflow
Low
over 1 year ago
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
pypi
ethyca-fides
Low
over 1 year ago
vantage6 collaboration admins can extend their influence by expanding the collaboration
pypi
vantage6
Low
over 1 year ago
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
pypi
apache-airflow-providers-ftp
Low
over 1 year ago
Improper Privilege Management in djangorestframework-simplejwt
pypi
djangorestframework-simplejwt
Low
over 1 year ago
PyPop C extensions possible vulnerability: missing arguments and redundant null pointers
pypi
pypop-genomics
Low
over 1 year ago
tuf's Metadata API: Targets.get_delegated_role() is missing input validation
pypi
tuf
Low
over 1 year ago
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
pypi
vng-api-common-utrecht, vng-api-common, commonground-api-common
Low
over 1 year ago
Vyper's external calls can overflow return data to return input buffer
pypi
vyper
Filter by Package
tensorflow
105
tensorflow-cpu
102
tensorflow-gpu
98
vyper
12
ethyca-fides
9
nova
8
ansible
5
cryptography
4
zenml
4
vantage6
4
django
3
gradio
3
aiohttp
3
langchain
3
apache-airflow
3
nautobot
3
matrix-synapse
3
Exiv2
2
tuf
2
horizon
2
apache-airflow-providers-fab
2
vllm
2
vantage6-server
2
keystone
2
ceph-deploy
2
Zope
2
salt
2
glance
2
transformers
2
dbt-core
2
Nova
2
upsonic
2
wagtail
2
MaterialX
2
Flask-Security-Too
2
python-keystoneclient
2
Weblate
2
plone
2
OctoPrint
2
weblate
2
freewvs
2
guarddog
2
notebook
1
Pillow
1
sigstore
1
nemo_toolkit
1
case-utils
1
ml-logger
1
com.github.tomakehurst:wiremock-jre8
1
cdo-local-uuid
1
saleor
1
hyper-bump-it
1
kiwitcms
1
PyDrive2
1
copyparty
1
yt-dlp
1
Zope2
1
vng-api-common-utrecht
1
amundsen-frontend
1
aws-encryption-sdk-cli
1
vng-api-common
1
django-registration
1
lief
1
personnummer
1
puncia
1
golismero
1
datasette-graphql
1
org.wiremock:wiremock-standalone
1
plone.restapi
1
djangorestframework
1
flask
1
rdiffweb
1
django-tomselect
1
gradio_pdf
1
neutron
1
apache-libcloud
1
apache-superset
1
commonground-api-common
1
pyspur
1
tqdm
1
aim
1
qiskit-ibm-runtime
1
Ansible
1
com.github.tomakehurst:wiremock-jre8-standalone
1
plone.namedfile
1
ipython
1
loggerhead
1
lollms
1
bitlyshortener
1
strawberry-graphql
1
qutebrowser
1
cloudtoken
1
flask-appbuilder
1
django-ses
1
RPLY
1
lti-consumer-xblock
1
datachain
1
pyquest
1
SafeURL-Python
1
litestar
1
openapi-python-client
1
sentry
1
open-webui
1
sickchill
1
fgr
1
cabot
1
org.wiremock:wiremock
1
apache-airflow-providers-ftp
1
jupyterlab
1
cryptoauthlib
1
anki
1
mysql-connector-python
1
mlflow
1
ms-swift
1
wiremock
1
oslo.utils
1
dynamodb-encryption-sdk
1
mobsf
1
Flask-AppBuilder
1
configobj
1
Keystone
1
ansible-core
1
Werkzeug
1
streamlit
1
openstack-heat
1
pyxdg
1
ironic
1
djangorestframework-simplejwt
1
changedetection.io
1
xmpp-http-upload
1
markdownify
1
sentry-sdk
1
langchain-core
1
pypop-genomics
1
langchain-chatchat
1
swift
1
PyJWT
1
webssh
1
certifi
1
torch
1
aworld
1
Filter by Repository
https://github.com/tensorflow/tensorflow
105
https://github.com/vyperlang/vyper
12
https://github.com/openstack/nova
10
https://github.com/ethyca/fides
9
https://github.com/vantage6/vantage6
6
https://github.com/apache/airflow
6
https://github.com/ansible/ansible
6
https://github.com/WeblateOrg/weblate
4
https://github.com/pyca/cryptography
4
https://github.com/aio-libs/aiohttp
3
https://github.com/zenml-io/zenml
3
https://github.com/nautobot/nautobot
3
https://github.com/openstack/keystone
3
https://github.com/matrix-org/synapse
3
https://github.com/django/django
3
https://github.com/dbt-labs/dbt-core
2
https://github.com/huggingface/transformers
2
https://github.com/gradio-app/gradio
2
https://github.com/saltstack/salt
2
https://github.com/openstack/horizon
2
https://github.com/DataDog/guarddog
2
https://github.com/vllm-project/vllm
2
https://github.com/octoprint/octoprint
2
https://github.com/schokokeksorg/freewvs
2
https://github.com/zopefoundation/Zope
2
https://github.com/langchain-ai/langchain
2
https://github.com/ceph/ceph-deploy
2
https://github.com/Upsonic/Upsonic
2
https://github.com/wagtail/wagtail
2
https://github.com/Exiv2/exiv2
2
https://github.com/AcademySoftwareFoundation/MaterialX
2
https://github.com/theupdateframework/python-tuf
2
https://github.com/Flask-Middleware/flask-security
2
https://github.com/dpgaspar/Flask-AppBuilder
2
https://github.com/iterative/datachain
1
https://github.com/ankitects/anki
1
https://github.com/alex/rply
1
https://github.com/plone/plone.namedfile
1
https://github.com/dan1hc/fgr
1
https://github.com/certifi/python-certifi
1
https://github.com/sigstore/sigstore-python
1
https://github.com/kiwitcms/Kiwi
1
https://github.com/arachnys/cabot
1
https://github.com/pallets/flask
1
https://github.com/ipython/ipython
1
https://github.com/inclusionAI/AWorld
1
https://github.com/geyang/ml-logger
1
https://github.com/openedx/xblock-lti-consumer
1
https://github.com/alexlancaster/pypop
1
https://github.com/amundsen-io/amundsenfrontendlibrary
1
https://github.com/getsentry/sentry-python
1
https://github.com/PySpur-Dev/pyspur
1
https://github.com/openstack/glance
1
https://github.com/triaxtec/openapi-python-client
1
https://github.com/litestar-org/litestar
1
https://github.com/openstack/ironic
1
https://github.com/matthewwithanm/python-markdownify
1
https://github.com/impredicative/bitlyshortener
1
https://github.com/MicrochipTech/cryptoauthlib
1
https://github.com/yt-dlp/yt-dlp
1
https://github.com/qutebrowser/qutebrowser
1
https://github.com/encode/django-rest-framework
1
https://github.com/DiffSK/configobj
1
https://github.com/streamlit/streamlit
1
https://github.com/plone/plone.restapi
1
https://github.com/strawberry-graphql/strawberry
1
https://github.com/saleor/saleor
1
https://github.com/open-webui/open-webui
1
https://github.com/fog/fog
1
https://github.com/ikus060/rdiffweb
1
https://github.com/maykinmedia/commonground-api-common
1
https://github.com/apache/superset
1
https://github.com/ARPSyndicate/puncia
1
https://github.com/NVIDIA/NeMo
1
https://github.com/IncludeSecurity/safeurl-python
1
https://github.com/dgtlmoon/changedetection.io
1
https://github.com/fluture-js/fluture-node
1
https://github.com/freddyaboulton/gradio-pdf
1
https://github.com/mlflow/mlflow
1
https://github.com/wiremock/wiremock
1
https://github.com/9001/copyparty
1
https://github.com/ubernostrum/django-registration
1
https://github.com/huashengdun/webssh
1
https://github.com/aws/aws-encryption-sdk-cli
1
https://github.com/chatchat-space/Langchain-Chatchat
1
https://github.com/personnummer/python
1
https://github.com/Qiskit/qiskit-ibm-runtime
1
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID
1
https://github.com/horazont/xmpp-http-upload
1
https://github.com/SickChill/sickchill
1
https://github.com/getsentry/sentry
1
https://github.com/aws/aws-dynamodb-encryption-python
1
https://github.com/MobSF/Mobile-Security-Framework-MobSF
1
https://github.com/OmenApps/django-tomselect
1
https://github.com/openstack/python-keystoneclient
1
https://github.com/modelscope/ms-swift
1
https://github.com/jpadilla/pyjwt
1
https://github.com/pallets/werkzeug
1
https://bitbucket.org/atlassian/cloudtoken
1
https://github.com/openstack/neutron
1
https://github.com/lief-project/LIEF
1
https://github.com/jupyter/notebook
1
https://github.com/plannigan/hyper-bump-it
1
https://github.com/takluyver/pyxdg
1
https://github.com/pytorch/pytorch
1
https://github.com/django-ses/django-ses
1
https://github.com/python-pillow/Pillow
1
https://github.com/PinkDraconian/PoC-Langchain-RCE
1
https://github.com/dmdhrumilmistry/CVEs
1
https://github.com/simonw/datasette-graphql
1
https://github.com/tqdm/tqdm
1
https://github.com/jupyterlab/jupyterlab
1
https://github.com/iterative/PyDrive2
1
https://github.com/ParisNeo/lollms
1