OSV - Open Source Vulnerabilities

GHSA-vxqx-rh46-q2pg

PyPI/litestar

Litestar's FileStore key canonicalization collisions allow response cache mixup/poisoning (ASCII ord + Unicode NFKD)

13 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-93ph-p7v4-hwh4

PyPI/litestar

Litestar's AllowedHosts has a validation bypass due to unescaped regex metacharacters in configured host patterns

13 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-2p2x-hpg8-cqp2

PyPI/litestar

Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins

13 hours ago

Fix available
Severity - 7.4 (High)

MAL-2026-818

PyPI/thecorrectjames

Malicious code in thecorrectjames (PyPI)

14 hours ago

No fix available

MAL-2026-817

PyPI/ctf-pipline-test

Malicious code in ctf-pipline-test (PyPI)

15 hours ago

No fix available

MAL-2026-814

PyPI/http-notifier-test

Malicious code in http-notifier-test (PyPI)

21 hours ago

No fix available

MAL-2026-815

PyPI/skydeo

Malicious code in skydeo (PyPI)

21 hours ago

No fix available

MAL-2026-813

PyPI/teligram

Malicious code in teligram (PyPI)

yesterday

No fix available

MAL-2026-812

PyPI/hardixx-code

Malicious code in hardixx-code (PyPI)

yesterday

No fix available

MAL-2026-811

PyPI/grokwrapper

Malicious code in grokwrapper (PyPI)

yesterday

No fix available

MAL-2026-809

PyPI/ccxt-bullish

Malicious code in ccxt-bullish (PyPI)

yesterday

No fix available

MAL-2026-810

PyPI/thread-pipeline-test

Malicious code in thread-pipeline-test (PyPI)

yesterday

No fix available

GHSA-4jqp-9qjv-57m2

PyPI/keylime

Keylime Missing Authentication for Critical Function and Improper Authentication

3 days ago

Fix available
Severity - 9.4 (Critical)

GHSA-4f84-67cv-qrv3

PyPI/dydx-v4-client

A single post-release of dydx-v4-client contained obfuscated multi-stage loader

3 days ago

Fix available
Severity - 9.3 (Critical)

GHSA-vf6j-c56p-cq58

PyPI/mcp-salesforce-connector

MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token

3 days ago

Fix available
Severity - 8.7 (High)

GHSA-wjp5-868j-wqv7

PyPI/pydantic-ai
PyPI/pydantic-ai-slim

Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL

3 days ago

Fix available
Severity - 7.1 (High)