pypi
753,157 packages · pypi.org
Moderate Security Advisories in pypi
Moderate
11 days ago
AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64
pypi
AstrBot
Moderate
14 days ago
Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode
pypi
doris-mcp-server
Moderate
15 days ago
OctoPrint vulnerable to XSS in Action Commands Notification and Prompt
pypi
octoprint
Moderate
19 days ago
cryptidy allows code execution via untrusted data due to pickle.loads
pypi
cryptidy
Moderate
20 days ago
Apache Airflow's create action can upsert existing Pools/Connections/Variables
pypi
apache-airflow
Moderate
20 days ago
Apache Airflow `/api/v2/dagReports` executes DAG Python in API
pypi
apache-airflow
Moderate
20 days ago
Apache Airflow has a command injection vulnerability in "example_dag_decorator"
pypi
apache-airflow
Moderate
20 days ago
OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability
pypi
usd-core
Moderate
21 days ago
FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name
pypi
fastmcp
Moderate
21 days ago
Keras is vulnerable to arbitrary local file loading and Server-Side Request Forgery
pypi
keras
Moderate
27 days ago
pypdf possibly loops infinitely when reading DCT inline images without EOF marker
pypi
pypdf
Moderate
27 days ago
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
pypi
scapy
Moderate
28 days ago
Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function
pypi
smolagents
Moderate
28 days ago
Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL
pypi
nautobot-ssot
Moderate
29 days ago
Taguette vulnerable to cross-site scripting via tag name, tag description, document name and document description
pypi
taguette
Moderate
about 1 month ago
Mammoth is vulnerable to Directory Traversal
nuget, pypi, maven, npm
Mammoth, mammoth, org.zwobble.mammoth:mammoth
Moderate
about 1 month ago
python-ldap is Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
pypi
python-ldap
Moderate
about 1 month ago
python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
pypi
python-ldap
Moderate
about 1 month ago
BBOT's git_clone.py can expose users' GitHub API keys to an attacker-controlled webserver
pypi
bbot
Moderate
about 1 month ago
Python Social Auth - Django has unsafe account association
pypi
social-auth-app-django
Moderate
about 1 month ago
Synapse's invalid device keys degrade federation functionality
pypi
matrix-synapse
Moderate
about 1 month ago
vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server
pypi
vllm
Moderate
about 1 month ago
python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deserialization in certain multi-server deployments
pypi
python-socketio
Moderate
about 1 month ago
clearml is vulnerable to Path Traversal through its `safe_extract` function
pypi
clearml
Moderate
about 1 month ago
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
pypi
zenml
Moderate
about 2 months ago
SPDK is vulnerable to buffer overflow in the NVMe-oF target component
pypi
spdk
Moderate
about 2 months ago
mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeholders
pypi
mkdocs-include-markdown-plugin
Moderate
about 2 months ago
Apache Airflow: Connection sensitive details exposed to users with READ permissions
pypi
apache-airflow
Moderate
about 2 months ago
Llama Stack could potentially allow for remote code execution
pypi
llama-stack
Moderate
about 2 months ago
pip's fallback tar extraction doesn't check symbolic links point to extraction directory
pypi
pip
Moderate
about 2 months ago
Hugging Face Transformers vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer
pypi
transformers
Moderate
2 months ago
mcp-kubernetes-server has a Command Injection vulnerability
pypi
mcp-kubernetes-server
Moderate
2 months ago
Hugging Face Transformers library has Regular Expression Denial of Service
pypi
transformers
Moderate
2 months ago
Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer
pypi
transformers
Moderate
2 months ago
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
pypi
flask-appbuilder
Moderate
2 months ago
Infrahub: Deleted and expired API tokens can still authenticate
pypi
infrahub-server
Moderate
2 months ago
Indico may disclose unauthorized user details access via legacy API
pypi
indico
Moderate
2 months ago
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor
pypi
sglang
Moderate
2 months ago
copyparty: Sharing a single file does not fully restrict access to other files in source folder
pypi
copyparty
Moderate
2 months ago
Fides Webserver API Rate Limiting Vulnerability in Proxied Environments
pypi
ethyca-fides
Moderate
3 months ago
MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
pypi
mobsf
Moderate
3 months ago
Local Deep Research's API keys are stored in plain text
pypi
local-deep-research
Moderate
3 months ago
Eventlet affected by HTTP request smuggling in unparsed trailers
pypi
eventlet
Moderate
3 months ago
Picklescan is missing detection when calling built-in python library asyncio.unix_events._UnixSubprocessTransport._start
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python cProfile.run
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python cProfile.runctx
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python doctest.debug_script
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcommand
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python idlelib.run.Executive.runcode
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling built-in python ensurepip._run_pip
pypi
picklescan
Moderate
3 months ago
Picklescan is missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_autograd_prof
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python lib2to3.pgen2.grammar.Grammar.loads
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python profile.Profile.runctx
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python profile.Profile.run
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python trace.Trace.runctx
pypi
picklescan
Moderate
3 months ago
Picklescan has a missing detection when calling built-in python trace.Trace.run
pypi
picklescan
Moderate
3 months ago
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency
pypi
mitmproxy
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils.data.datapipes.utils.decoder.basichandlers
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils.collect_env.run
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get
pypi
picklescan
Moderate
3 months ago
Picklescan missing detection when calling pytorch function torch.utils.bottleneck.__main__.run_cprofile
pypi
picklescan
Moderate
3 months ago
Copier's safe template has filesystem write access outside destination path
pypi
copier
Moderate
3 months ago
Apache Superset data query improperly discloses database schema information to low-privileged guest user
pypi
apache-superset
Moderate
3 months ago
Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access
pypi
apache-superset
Moderate
3 months ago
Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions
pypi
apache-superset
Moderate
3 months ago
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
pypi
apache-superset
Moderate
3 months ago
OMERO.web displays unnecessary user information when requesting password reset
pypi
omero-web
Moderate
3 months ago
TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22)
pypi
tiny-scientist
Moderate
3 months ago
ExecuTorch integer overflow vulnerability leads to code execution
pypi
executorch
Filter by Package
tensorflow
200
tensorflow-cpu
185
tensorflow-gpu
177
apache-airflow
47
apache-superset
45
Django
39
picklescan
34
plone
29
nova
29
moin
27
ansible
26
Plone
23
django
20
gradio
20
matrix-synapse
20
salt
17
rdiffweb
16
vyper
15
glance
14
keystone
13
transformers
12
roundup
12
vllm
11
notebook
10
aiohttp
10
PaddlePaddle
10
OctoPrint
10
calibreweb
9
pyftpdlib
9
horizon
9
urllib3
9
open-webui
9
neutron
8
mlflow
8
opencv-contrib-python
8
pyload-ng
8
onionshare-cli
8
modoboa
8
opencv-python
8
ckan
8
zenml
7
twisted
7
mobsf
7
cinder
6
aim
6
requests
6
swift
6
lxml
6
wagtail
6
Mezzanine
6
indico
6
Flask-AppBuilder
6
vantage6
6
pgadmin4
6
mage-ai
5
jupyter-server
5
trac
5
mindsdb
5
Pillow
5
copyparty
5
cobbler
5
cryptography
5
pypdf
5
mayan-edms
5
ethyca-fides
5
web2py
5
trytond
5
jinja2
4
sentry
4
codechecker
4
pillow
4
pip
4
label-studio
4
dtale
4
matrix-sydent
4
ansible-core
4
zope
4
Scrapy
4
snowflake-connector-python
4
tornado
4
jwcrypto
4
PyPDF2
4
OpenEXR
4
lollms
4
lief
4
Products.CMFPlone
4
flask-cors
4
paddlepaddle
4
python-ldap
4
mailman
4
omero-web
4
composio-core
4
waitress
4
Jinja2
3
barbican
3
FreeTAKServer-UI
3
opencv-python-headless
3
buildbot
3
AccessControl
3
bleach
3
ajenti
3
streamlit
3
numpy
3
micropython-io
3
flask-appbuilder
3
Keystone
3
werkzeug
3
ipython
3
scrapy
3
eventlet
3
micropython-copy
3
fava
3
feedparser
3
aws-sam-cli
3
tuf
3
datasette
3
wasmtime
3
changedetection.io
3
saleor
3
markdown2
3
graphite-web
3
wasmtime
3
opencv-contrib-python-headless
3
frappe
3
inventree
3
pysaml2
3
nautobot
3
whoogle-search
3
Moin
3
jupyterhub
3
mercurial
3
litellm
3
homeassistant
2
dompurify
2
Products.PluggableAuthService
2
uv
2
tripleo-heat-templates
2
langchain-community
2
PostQuantum-Feldman-VSS
2
ujson
2
jupyterlab
2
invenio-communities
2
social-auth-app-django
2
zope2
2
ms-swift
2
pydantic
2
xgrammar
2
lmdeploy
2
archivy
2
html5lib
2
khoj
2
Red-DiscordBot
2
python-cjson
2
Zope
2
ubi-reader
2
keras
2
pymongo
2
fastmcp
2
mistune
2
asyncssh
2
kiwitcms
2
Zope2
2
starlette
2
sosreport
2
pretix
2
aiosmtpd
2
ipsilon
2
openzeppelin-cairo-contracts
2
CherryMusic
2
wasm3
2
yt-dlp
2
xml2rfc
2
bbot
2
python-keystoneclient
2
in-toto
2
pycares
2
httpie
2
httplib2
2
django-cms
2
ml-logger
2
dagster
2
langflow
2
Roundup
2
parlai
2
pypickle
2
python-apt
2
scancodeio
2
weblate
2
llama-index
2
octoprint
2
langchain-core
2
wagtail-2fa
2
fastapi-admin
2
torchserve
2
MaterialX
2
libosdp
2
keylime
2
ryu
2
llama-index-core
2
ansible-runner
2
Filter by Repository
https://github.com/tensorflow/tensorflow
200
https://github.com/django/django
50
https://github.com/apache/airflow
44
https://github.com/mmaitre314/picklescan
34
https://github.com/ansible/ansible
26
https://github.com/plone/Products.CMFPlone
20
https://github.com/openstack/nova
18
https://github.com/matrix-org/synapse
16
https://github.com/ikus060/rdiffweb
16
https://github.com/gradio-app/gradio
16
https://github.com/vyperlang/vyper
15
https://github.com/saltstack/salt
14
https://github.com/PaddlePaddle/Paddle
14
https://github.com/huggingface/transformers
12
https://github.com/openstack/keystone
11
https://github.com/aio-libs/aiohttp
10
https://github.com/vllm-project/vllm
10
https://github.com/dpgaspar/Flask-AppBuilder
9
https://github.com/OctoPrint/OctoPrint
9
https://github.com/urllib3/urllib3
9
https://github.com/ckan/ckan
8
https://github.com/pyload/pyload
8
https://github.com/apache/superset
8
https://github.com/onionshare/onionshare
8
https://github.com/modoboa/modoboa
8
https://github.com/openstack/glance
8
https://github.com/python-pillow/Pillow
7
https://github.com/zenml-io/zenml
7
https://github.com/py-pdf/pypdf
7
https://github.com/janeczku/calibre-web
7
https://github.com/opencv/opencv
7
https://github.com/openstack/horizon
7
https://github.com/jupyter/notebook
7
https://github.com/scrapy/scrapy
7
https://github.com/MobSF/Mobile-Security-Framework-MobSF
7
https://github.com/lxml/lxml
6
https://github.com/psf/requests
6
https://github.com/run-llama/llama_index
6
https://github.com/roundup-tracker/roundup
6
https://github.com/wagtail/wagtail
6
https://github.com/pallets/jinja
6
https://github.com/giampaolo/pyftpdlib
6
https://github.com/vantage6/vantage6
6
https://github.com/twisted/twisted
6
https://github.com/indico/indico
5
https://github.com/pgadmin-org/pgadmin4
5
https://github.com/langchain-ai/langchain
5
https://github.com/9001/copyparty
5
https://github.com/ethyca/fides
5
https://github.com/mlflow/mlflow
5
https://github.com/lief-project/LIEF
4
https://github.com/pallets/werkzeug
4
https://github.com/getsentry/sentry
4
https://github.com/man-group/dtale
4
https://github.com/HumanSignal/label-studio
4
https://github.com/snowflakedb/snowflake-connector-python
4
https://github.com/ComposioHQ/composio
4
https://github.com/corydolphin/flask-cors
4
https://github.com/pyca/cryptography
4
https://github.com/jupyter-server/jupyter_server
4
https://github.com/Ericsson/codechecker
4
https://github.com/Pylons/waitress
4
https://github.com/openstack/cinder
4
https://github.com/cobbler/cobbler
4
https://github.com/pypa/pip
4
https://github.com/latchset/jwcrypto
4
https://github.com/matrix-org/sydent
4
https://github.com/python-ldap/python-ldap
4
https://github.com/element-hq/synapse
4
https://github.com/tornadoweb/tornado
4
https://github.com/beancount/fava
3
https://github.com/graphite-project/graphite-web
3
https://github.com/dgtlmoon/changedetection.io
3
https://github.com/nautobot/nautobot
3
https://github.com/WeblateOrg/weblate
3
https://github.com/saleor/saleor
3
https://github.com/stephenmcd/mezzanine
3
https://github.com/streamlit/streamlit
3
https://github.com/FreeTAKTeam/UI
3
https://github.com/micropython/micropython
3
https://github.com/zopefoundation/AccessControl
3
https://github.com/benbusby/whoogle-search
3
https://github.com/khoj-ai/khoj
3
https://github.com/mozilla/bleach
3
https://github.com/mindsdb/mindsdb
3
https://gitlab.com/mayan-edms/mayan-edms
3
https://github.com/Cog-Creators/Red-DiscordBot
3
https://github.com/jupyterlab/jupyterlab
3
https://github.com/AcademySoftwareFoundation/openexr
3
https://github.com/mlc-ai/xgrammar
3
https://github.com/openstack/swift
3
https://github.com/eventlet/eventlet
3
https://github.com/ipython/ipython
3
https://github.com/Exiv2/exiv2
3
https://github.com/ome/omero-web
3
https://github.com/BerriAI/litellm
3
https://github.com/aws/aws-sam-cli
3
https://github.com/bytecodealliance/wasmtime
3
https://github.com/frappe/frappe
3
https://sourceforge.net/projects/sourceforge.net
3
https://github.com/simonw/datasette
3
https://github.com/aimhubio/aim
3
https://github.com/numpy/numpy
3
https://github.com/octoprint/octoprint
3
https://github.com/openstack/neutron
2
https://github.com/facebookresearch/ParlAI
2
https://github.com/djblets/djblets
2
https://github.com/python-social-auth/social-app-django
2
https://github.com/html5lib/html5lib-python
2
https://github.com/dagster-io/dagster
2
https://github.com/tryton/trytond
2
https://github.com/mongodb/mongo-python-driver
2
https://github.com/XML-Security/signxml
2
https://github.com/keylime/keylime
2
https://github.com/web2py/web2py
2
https://github.com/ansible/ansible-runner
2
https://github.com/goToMain/libosdp
2
https://github.com/inveniosoftware/invenio-communities
2
https://github.com/blacklanternsecurity/bbot
2
https://github.com/astral-sh/uv
2
https://github.com/SiCKRAGE/SiCKRAGE
2
https://github.com/fastapi-admin/fastapi-admin
2
https://github.com/lepture/mistune
2
https://github.com/bbangert/beaker
2
https://github.com/jupyterhub/jupyterhub
2
https://github.com/jrspruitt/ubi_reader
2
https://github.com/nexB/scancode.io
2
https://github.com/IdentityPython/pysaml2
2
https://github.com/encode/starlette
2
https://github.com/geyang/ml-logger
2
https://github.com/wasm3/wasm3
2
https://github.com/faucetsdn/ryu
2
https://github.com/open-webui/open-webui
2
https://github.com/pretix/pretix
2
https://github.com/yt-dlp/yt-dlp
2
https://github.com/adamghill/django-unicorn
2
https://github.com/sosreport/sos
2
https://github.com/zopefoundation/Zope
2
https://github.com/ethereum/eth-abi
2
https://github.com/OpenZeppelin/cairo-contracts
2
https://github.com/archivy/archivy
2
https://github.com/modelscope/ms-swift
2
https://github.com/saghul/pycares
2
https://github.com/moinwiki/moin-1.9
2
https://github.com/httplib2/httplib2
2
https://github.com/trentm/python-markdown2
2
https://github.com/plone/Products.ATContentTypes
2
https://github.com/aio-libs/aiosmtpd
2
https://github.com/cure53/DOMPurify
2
https://github.com/DavidOsipov/PostQuantum-Feldman-VSS
2
https://github.com/theupdateframework/tuf
2
https://github.com/jhpyle/docassemble
2
https://github.com/InternLM/lmdeploy
2
https://github.com/AcademySoftwareFoundation/MaterialX
2
https://github.com/labd/wagtail-2fa
2
https://github.com/erdogant/pypickle
2
https://github.com/home-assistant/core
2
https://github.com/devsnd/cherrymusic
2
https://github.com/ronf/asyncssh
2
https://github.com/jlowin/fastmcp
2
https://github.com/ietf-tools/xml2rfc
2
https://github.com/inventree/InvenTree
2
https://github.com/httpie/httpie
2
https://github.com/keras-team/keras
2
https://github.com/parisneo/lollms
2
https://github.com/rennf93/fastapi-guard
1
https://github.com/pyradius/pyrad
1
https://gitlab.com/m2crypto/m2crypto
1
https://github.com/jupyter/jupyter_server
1
https://github.com/418sec/huntr
1
https://github.com/nitely/spirit
1
https://github.com/CybercentreCanada/assemblyline
1
https://github.com/sehmaschine/django-grappelli
1
https://github.com/Flask-Middleware/flask-security
1
https://github.com/Pylons/webob
1
https://github.com/sqlfluff/sqlfluff
1
https://github.com/bayuncao/vul-cve-20
1
https://github.com/ciur/papermerge
1
https://github.com/ray-project/ray
1
https://github.com/openexr/openexr
1
https://github.com/celery/celery
1
https://github.com/collective/collective.task
1
https://github.com/Backblaze/B2_Command_Line_Tool
1
https://github.com/openstack/python-openstackclient
1
https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0
1
https://github.com/calix2/pyVulApp
1
https://github.com/kiwitcms/Kiwi
1
https://github.com/nonebot/nonebot2
1
https://github.com/in-toto/docs
1
https://github.com/crossbario/autobahn-python
1
https://github.com/Cog-Creators/Red-Dashboard
1
https://github.com/reviewboard/reviewboard
1
https://github.com/rochacbruno/quokka
1
https://github.com/in-toto/in-toto
1
https://github.com/python-hyper/h2
1
https://github.com/cetinpy/CVE-2024-50633
1
https://github.com/huggingface/text-generation-inference
1
https://github.com/Netflix/security_monkey
1
https://github.com/Clinical-Genomics/cg
1