Vulnerabilities

ID | Packages | Summary | Published | Attributes
MAL-2025-191476
  • PyPI/atlassian-praz
Malicious code in atlassian-praz (PyPI) 6 hours ago
  • No fix available
MAL-2025-191475
  • PyPI/atlassian-exp
Malicious code in atlassian-exp (PyPI) 7 hours ago
  • No fix available
GHSA-xv5p-fjw5-vrj6
  • PyPI/fugue
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer 15 hours ago
  • No fix available
  • Severity - 8.8 (High)
GHSA-j4gv-6x9v-v23g
  • PyPI/omero-web
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack yesterday
  • Fix available
  • Severity - 1.3 (Low)
GHSA-m449-cwjh-6pw7
  • PyPI/pypdf
pypdf's LZWDecode streams can be manipulated to exhaust RAM yesterday
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-j842-xgm4-wf88
  • PyPI/mlx
MLX has Wild Pointer Dereference in load_gguf() 4 days ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-w6vg-jg77-2qg6
  • PyPI/mlx
MLX has heap-buffer-overflow in load() 4 days ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-69j4-grxj-j64p
  • PyPI/vllm
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` 5 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-pmqf-x6x8-p7qw
  • PyPI/vllm
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs 5 days ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-mrw7-hf4f-83pf
  • PyPI/vllm
vLLM deserialization vulnerability leading to DoS and potential RCE 5 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-6qv9-48xg-fc7f
  • PyPI/langchain-core
LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates 5 days ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-7xcv-9j6c-2fmc
  • PyPI/modular
Modular Max Serve has Unsafe Deserialization vulnerability 18 Nov
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-frfh-8v73-gjg4
  • PyPI/joserfc
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads 18 Nov
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-hcqg-5g63-7j9h
  • PyPI/keystone
OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization. 17 Nov
  • Fix available
  • Severity - 7.5 (High)
GHSA-4m32-cjv7-f425
  • PyPI/astrbot
AstrBot is vulnerable to RCE with hard-coded JWT signing keys 14 Nov
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-4jvf-wx3f-2x8q
  • PyPI/aws-advanced-python-wrapper
AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance 13 Nov
  • Fix available
  • Severity - 8.6 (High)