Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
699982
AlmaLinux
5018
Alpaquita
10148
Alpine
4248
Android
3402
Azure Linux
12016
BellSoft Hardened Containers
499
Bitnami
8011
Chainguard
6912
CleanStart
1304
CRAN
14
crates.io
2449
Debian
57857
Echo
5259
GHC
3
GIT
81657
GitHub Actions
53
Go
7065
Hackage
32
Hex
133
Julia
936
Linux
15361
Mageia
5967
Maven
6537
MinimOS
65464
npm
219980
NuGet
1714
opam
16
openEuler
6929
openSUSE
12977
OSS-Fuzz
3924
Packagist
6395
Pub
11
PyPI
20001
Red Hat
20473
Rocky Linux
3364
Root
15480
RubyGems
1972
SUSE
20645
SwiftURL
53
TuxCare
5651
Ubuntu
55507
VSCode
20
Wolfi
4525
ID
Packages
Summary
Published
arrow_upward
Attributes
MAL-2026-5681
PyPI/trongap
Malicious code in trongap (PyPI)
5 hours ago
No fix available
MAL-2026-5680
PyPI/bittensor-burn-message
Malicious code in bittensor-burn-message (PyPI)
6 hours ago
No fix available
MAL-2026-5679
PyPI/pylogxo
Malicious code in pylogxo (PyPI)
8 hours ago
No fix available
GHSA-wxq4-cc2q-338q
PyPI/wsgidav
WsgiDAV encoded dot segments can escape filesystem share roots
9 hours ago
Fix available
Severity - 7.1 (High)
GHSA-4mj9-pf4r-cqrc
PyPI/kolibri
Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset
12 hours ago
Fix available
Severity - 5.8 (Medium)
GHSA-9663-mqmp-p9mm
PyPI/zeroconf
python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
16 hours ago
Fix available
Severity - 6.5 (Medium)
GHSA-9gw6-46qc-99vr
PyPI/meta-ads-mcp
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
16 hours ago
Fix available
Severity - 9.1 (Critical)
GHSA-qq6c-99pv-prvf
PyPI/pdm
PDM: Project-Controlled
`
.pdm-plugins
`
Content Executes Before CLI Parsing
16 hours ago
Fix available
Severity - 8.4 (High)
MAL-2026-5649
PyPI/bibip-bip
Malicious code in bibip-bip (PyPI)
17 hours ago
No fix available
MAL-2026-5545
PyPI/acme-widget-layout-utils
Malicious code in acme-widget-layout-utils (PyPI)
yesterday
No fix available
MAL-2026-5532
PyPI/icinga
Malicious code in icinga (PyPI)
yesterday
No fix available
GHSA-78v8-vpjp-cjqh
PyPI/pdm
PDM wheel installation leads to Path Traversal via overridden write_to_fs
yesterday
Fix available
Severity - 7.1 (High)
GHSA-ghq2-5c67-fprm
PyPI/pdm
PDM: Project-Local State and Config Writes Follow Symlinks
yesterday
Fix available
Severity - 6.8 (Medium)
MAL-2026-5531
PyPI/telegramlite
Malicious code in telegramlite (PyPI)
yesterday
No fix available
GHSA-3qmc-cj7q-62hv
PyPI/litestar
Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header
yesterday
Fix available
Severity - 5.9 (Medium)
GHSA-542p-wvx7-72m4
PyPI/litestar
Litestar has HTML Injection Through its CSRF Token
yesterday
Fix available
Severity - 8.1 (High)
Load more...
PyPI - OSV