Vulnerabilities
All ecosystems: 579940
AlmaLinux: 4068
Alpaquita: 7055
Alpine: 3862
Android: 2912
BellSoft Hardened Containers: 243
Bitnami: 6146
Chainguard: 27964
CRAN: 11
crates.io: 1872
Debian: 50137
Echo: 1990
GHC: 3
GIT: 73083
GitHub Actions: 37
Go: 4956
Hackage: 25
Hex: 44
Julia: 197
Linux: 21744
Mageia: 5741
Maven: 6024
MinimOS: 6920
npm: 211612
NuGet: 1481
openEuler: 5426
openSUSE: 10260
OSS-Fuzz: 3671
Packagist: 4959
Pub: 10
PyPI: 16759
Red Hat: 17452
Rocky Linux: 2341
RubyGems: 1795
SUSE: 16953
SwiftURL: 42
Ubuntu: 47902
Wolfi: 14243
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-7xcv-9j6c-2fmc | PyPI/modular | Modular Max Serve has Unsafe Deserialization vulnerability | 9 hours ago | Fix available; Severity - 9.3 (Critical) |
| GHSA-frfh-8v73-gjg4 | PyPI/joserfc | joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads | 12 hours ago | Fix available; Severity - 9.2 (Critical) |
| GHSA-hcqg-5g63-7j9h | PyPI/keystone | OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization. | yesterday | Fix available; Severity - 7.5 (High) |
| GHSA-4m32-cjv7-f425 | PyPI/astrbot | AstrBot is vulnerable to RCE with hard-coded JWT signing keys | 4 days ago | Fix available; Severity - 9.8 (Critical) |
| GHSA-4jvf-wx3f-2x8q | PyPI/aws-advanced-python-wrapper | AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance | 5 days ago | Fix available; Severity - 8.6 (High) |
| GHSA-cvf4-f829-762v | PyPI/pgadmin4 | pgAdmin is affected by an LDAP injection vulnerability | 5 days ago | Fix available; Severity - 7.5 (High) |
| GHSA-g4r8-3qmh-pmch | PyPI/pgadmin4 | pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification | 5 days ago | Fix available; Severity - 7.5 (High) |
| GHSA-rm79-x4g6-hvg5 | PyPI/pgadmin4 | pgAdmin 4 has command injection vulnerability on Windows systems | 5 days ago | Fix available; Severity - 6.8 (Medium) |
| GHSA-w2p4-p4rh-qcm3 | PyPI/pgadmin4 | pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode | 5 days ago | Fix available; Severity - 9.1 (Critical) |
| GHSA-rrx3-2x4g-mq2h | PyPI/bugsink | Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input (via CPU) | 6 days ago | Fix available; Severity - 7.5 (High) |
| GHSA-fc2v-vcwj-269v | PyPI/bugsink | Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input | 6 days ago | Fix available; Severity - 7.5 (High) |
| GHSA-4c3j-3h7v-22q9 | PyPI/changedetection-io | changedetection.io: Stored XSS in Watch update via API | 6 days ago | Fix available; Severity - 3.5 (Low) |
| MAL-2025-112503 | PyPI/llmboost-hub | Malicious code in llmboost-hub (PyPI) | 11 Nov | No fix available |
| GHSA-f83h-ghpp-7wcc | PyPI/pdfminer-six | Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc | 07 Nov | No fix available; Severity - 7.8 (High) |
| GHSA-wf5f-4jwr-ppcp | PyPI/pdfminer-six | Arbitrary Code Execution in pdfminer.six via Crafted PDF Input | 07 Nov | Fix available; Severity - 8.6 (High) |
| GHSA-vm2f-46xc-5jc3 | PyPI/astrbot | AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64 | 07 Nov | No fix available; Severity - 5.7 (Medium) |
PyPI - OSV