Vulnerabilities

ID
Packages
Summary
Published
Attributes
MAL-2026-1438
  • PyPI/pymnemonic
Malicious code in pymnemonic (PyPI) 7 hours ago
  • No fix available
MAL-2026-1436
  • PyPI/do-not-install-this-package-004
Malicious code in do-not-install-this-package-004 (PyPI) 12 hours ago
  • No fix available
MAL-2026-1437
  • PyPI/flowpeek
Malicious code in flowpeek (PyPI) 12 hours ago
  • No fix available
MAL-2026-1433
  • PyPI/kvstore-pb2-grpc
Malicious code in kvstore-pb2-grpc (PyPI) 20 hours ago
  • No fix available
MAL-2026-1432
  • PyPI/dgl-cu117
Malicious code in dgl-cu117 (PyPI) 20 hours ago
  • No fix available
MAL-2026-1435
  • PyPI/python-anchor
Malicious code in python-anchor (PyPI) 20 hours ago
  • No fix available
MAL-2026-1434
  • PyPI/my-super-lib
Malicious code in my-super-lib (PyPI) 20 hours ago
  • No fix available
MAL-2026-1431
  • PyPI/ariadne-federation
Malicious code in ariadne-federation (PyPI) 20 hours ago
  • No fix available
GHSA-5cxw-w2xg-2m8h
  • PyPI/fickling
fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE` 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-r48f-3986-4f9c
  • PyPI/fickling
fickling modules linecache, difflib and gc are missing from the unsafe modules blocklist 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-44vg-5wv2-h2hg
  • PyPI/simpleeval
SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox 2 days ago
  • Fix available
  • Severity - 8.7 (High)
MAL-2026-1422
  • PyPI/fastapi-middleware-cors
Malicious code in fastapi-middleware-cors (PyPI) 2 days ago
  • No fix available
GHSA-752w-5fwx-jx9f
  • PyPI/pyjwt
PyJWT accepts unknown `crit` header extensions 2 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-cwxj-rr6w-m6w7
  • PyPI/scrapy
Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware 2 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-f38f-5xpm-9r7c
  • PyPI/cairosvg
CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification 2 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-4g4c-mfqg-pj8r
  • PyPI/magic-wormhole
Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite 2 days ago
  • Fix available
  • Severity - 8.2 (High)