Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-73cv-556c-w3g6
  • PyPI/mcp-pinot-server
mcp-pinot: Unauthenticated tool invocation via default oauth_enabled=False + host 0.0.0.0 bind 12 hours ago
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-2r68-g678-7qr3
  • PyPI/mcp-memory-service
mcp-memory-service: OAuth read-only clients can write and delete memories through MCP tools/call 12 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-75mw-h36v-2jv7
  • PyPI/dosage
Dosage Vulnerable to Stored Cross-Site Scripting (XSS) in HTML/RSS Output Handlers 12 hours ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-wphv-vfrh-23q5
  • PyPI/joserfc
joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization 13 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-4c3c-r6p8-c863
  • PyPI/flawfinder
Flawfinder output manipulation via untrusted filenames and source text 13 hours ago
  • Fix available
GHSA-5w7q-77mv-v69f
  • PyPI/python-socketio
python-socketio: Binary attachment accumulation can cause denial of service 13 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-cgwc-pv48-fhj5
  • PyPI/python-engineio
python-engineio has unbound thread allocation that can cause denial of service 13 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-98x5-vq43-vc5p
  • PyPI/semantic-router
semantic-router exposed to compromised litellm wheel (CVE-2026-42208) via unbounded transitive pin 13 hours ago
  • Fix available
GHSA-m9gh-vj53-gvh9
  • PyPI/python-engineio
python-engineio has possible denial of service due to maximum payload size sometimes not being enforced 13 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-m8j6-rc5x-wv36
  • PyPI/nono-py
nono-py's policy JSON accepts unknown security fields 13 hours ago
  • Fix available
  • Severity - 5.2 (Medium)
GHSA-9j7f-3r4p-pwh6
  • PyPI/nono-py
nono-py vulnerable to authorization bypass / policy confusion 13 hours ago
  • Fix available
  • Severity - 5.2 (Medium)
MAL-2026-6541
  • PyPI/pdf-converter-pro
Malicious code in pdf-converter-pro (PyPI) 13 hours ago
  • No fix available
GHSA-f65r-h4g3-3h9h
  • PyPI/backpropagate
  • npm/@mcptoolshop/backpropagate
Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication 13 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-72w7-mf9g-733p
  • PyPI/nono-py
nono-py has proxy-only network fallback bypass on older Linux kernels 13 hours ago
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-cg7w-rg45-pc59
  • PyPI/pydantic-ai
  • PyPI/pydantic-ai-slim
pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678) 14 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2026-236
  • PyPI/pyphetools
Malicious code in pyphetools (PyPI) 17 hours ago
  • No fix available