Vulnerabilities
All ecosystems: 327288
AlmaLinux: 3841
Alpaquita: 4756
Alpine: 3767
Android: 2824
BellSoft Hardened Containers: 179
Bitnami: 5716
Chainguard: 24941
CRAN: 10
crates.io: 1737
Debian: 47224
GHC: 3
GIT: 42325
GitHub Actions: 31
Go: 4433
Hackage: 24
Hex: 37
Linux: 13574
Mageia: 5650
Maven: 5715
MinimOS: 2059
npm: 27789
NuGet: 1449
openSUSE: 10138
OSS-Fuzz: 3084
Packagist: 4753
Pub: 10
PyPI: 16026
Red Hat: 16576
Rocky Linux: 1916
RubyGems: 1693
SUSE: 16537
SwiftURL: 35
Ubuntu: 44975
Wolfi: 13461

| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-3wwm-hjv7-23r3 | PyPI/pyload-ng | Pyload log Injection via API /json/add_package in add_name parameter | 11 hours ago | No fix available; Severity - 4.3 (Medium) |
| GHSA-q78p-g86f-jg6q | PyPI/bugsink | Bugsink path traversal via event_id in ingestion | yesterday | Fix available; Severity - 7.1 (High) |
| GHSA-mrmq-3q62-6cc8 | PyPI/bentoml | BentoML SSRF Vulnerability in File Upload Processing | yesterday | Fix available; Severity - 9.9 (Critical) |
| MAL-2025-6336 | PyPI/testing123kk | Malicious code in testing123kk (PyPI) | yesterday | No fix available |
| GHSA-9q4r-x2hj-jmvr | PyPI/copyparty | copyparty has DOM-Based XSS vulnerability when displaying multimedia metadata | 2 days ago | Fix available; Severity - 5.4 (Medium) |
| MAL-2025-6328 | PyPI/triple-equals | Malicious code in triple-equals (PyPI) | 2 days ago | No fix available |
| GHSA-6v92-r5mx-h5fx | PyPI/smolagents | smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module | 3 days ago | Fix available; Severity - 7.6 (High) |
| MAL-2025-6248 | PyPI/foundry-jupyter-extension | Malicious code in foundry-jupyter-extension (PyPI) | 4 days ago | No fix available |
| GHSA-4v6w-xpmh-gfgp | PyPI/skops | Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time | 5 days ago | Fix available; Severity - 8.7 (High) |
| GHSA-m7f4-hrc6-fwg3 | PyPI/skops | Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution | 5 days ago | Fix available; Severity - 8.7 (High) |
| GHSA-75jv-vfxf-3865 | PyPI/assemblyline-service-client | Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code | 5 days ago | Fix available; Severity - 10.0 (Critical) |
| GHSA-2g7m-ph9x-7q7m | PyPI/calibreweb | Calibre Web and Autocaliweb have a ReDoS vulnerability | 6 days ago | No fix available; Severity - 8.7 (High) |
| GHSA-qc4j-v7h6-xr5h | PyPI/calibreweb | Calibre Web and Autocaliweb have OS Command Injection vulnerability | 6 days ago | No fix available; Severity - 5.9 (Medium) |
| GHSA-269j-37ww-cmh3 | PyPI/mezzanine | Mezzanine CMS vulnerable to Cross-site Scripting | 23 Jul | No fix available; Severity - 4.8 (Medium) |
| GHSA-rrf6-pxg8-684g | PyPI/fastapi-guard | FastAPI Guard has a regex bypass | 23 Jul | Fix available; Severity - 7.8 (High) |
| GHSA-gmvv-rj92-9w35 | PyPI/aim | Aim vulnerable to Cross-site Scripting | 22 Jul | No fix available; Severity - 5.3 (Medium) |

PyPI - OSV