Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-9gvj-pp9x-gcfr
  • PyPI/picklescan
 Picklescan has pickle parsing logic flaw that leads to malicious pickle file bypass 2 hours ago
  • Fix available
  • Severity - 8.9 (High)
GHSA-pwh4-6r3m-j2rf
  • PyPI/pyload-ng
 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter 2 hours ago
  • Fix available
  • Severity - 7.8 (High)
GHSA-674p-xv2x-rf3g
  • PyPI/litestar
 Litestar has potential log injection in exception logging 3 hours ago
  • Fix available
  • Severity - 3.7 (Low)
GHSA-rrgf-hcr9-jq6h
  • PyPI/tiny-scientist
 TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22) 12 hours ago
  • No fix available
  • Severity - 6.7 (Medium)
GHSA-pwq7-2gvj-vg9v
  • PyPI/keras
 Keras safe mode bypass vulnerability 16 hours ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-33r8-vrx9-rmcv
  • PyPI/executorch
 ExecuTorch integer overflow vulnerability leads to code execution 4 days ago
  • No fix available
  • Severity - 5.9 (Medium)
GHSA-8qf3-x8v5-2pj8
  • PyPI/uv
 uv allows ZIP payload obfuscation through parsing differentials 4 days ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-378x-6p4f-8jgm
  • PyPI/skops
 SKOPS Card.get_model happily allows arbitrary code execution 4 days ago
  • Fix available
  • Severity - 8.4 (High)
GHSA-9356-575x-2w9m
  • PyPI/transformers
 Hugging Face Transformers Regular Expression Denial of Service (ReDoS) vulnerability 5 days ago
  • Fix available
  • Severity - 5.3 (Medium)
MAL-2025-6794
  • PyPI/num2words
 Malicious code in num2words (PyPI) 6 days ago
  • No fix available
GHSA-48rp-jc79-2264
  • PyPI/pyload-ng
 pyLoad CNL Blueprint allows Path Traversal through `dlc_path` which leads to Remote Code Execution (RCE) 04 Aug
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-5662-2rj7-f2v6
  • PyPI/copyparty
 copyparty allows Regex Denial of Service (ReDoS) in the upload listing 04 Aug
  • Fix available
  • Severity - 7.5 (High)
GHSA-qc2h-74x3-4v3w
  • PyPI/materialx
 MaterialX Lack of MTLX Import Depth Limit Leads to DoS (Denial-Of-Service) Via Stack Exhaustion 31 Jul
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-wx6g-fm6f-w822
  • PyPI/materialx
 MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit 31 Jul
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-jxr6-qrxx-2ph2
  • PyPI/num2words
 num2words subjected to phishing attack, two versions published containing malware 31 Jul
  • No fix available
  • Severity - 9.3 (Critical)
GHSA-x22w-82jp-8rvf
  • PyPI/openexr
 OpenEXR Out-Of-Memory via Unbounded File Header Values 31 Jul
  • Fix available
  • Severity - 4.6 (Medium)
Load more...