OSV - Open Source Vulnerabilities

GHSA-cx3h-4qpv-8hc9

PyPI/tornado

Tornado has out-of-bounds memory access via C extension

21 minutes ago

Fix available
Severity - 3.7 (Low)

GHSA-248m-82v9-q6g6

PyPI/pypdf

pypdf: Possible long runtimes for zero-only width values in cross-reference streamsuntimes for zero-only width values in cross-reference streams

22 minutes ago

Fix available
Severity - 5.1 (Medium)

GHSA-cj93-chg6-vgv8

PyPI/pypdf

pypdf: Possible large memory usage for large offsets for layout mode text

23 minutes ago

Fix available
Severity - 4.8 (Medium)

MAL-2026-5698

PyPI/nagios-xi

Malicious code in nagios-xi (PyPI)

3 hours ago

No fix available

MAL-2026-5684

PyPI/jec

Malicious code in jec (PyPI)

5 hours ago

No fix available

MAL-2026-5683

PyPI/trongapy

Malicious code in trongapy (PyPI)

11 hours ago

No fix available

MAL-2026-5681

PyPI/trongap

Malicious code in trongap (PyPI)

19 hours ago

No fix available

MAL-2026-5680

PyPI/bittensor-burn-message

Malicious code in bittensor-burn-message (PyPI)

19 hours ago

No fix available

MAL-2026-5679

PyPI/pylogxo

Malicious code in pylogxo (PyPI)

21 hours ago

No fix available

GHSA-wxq4-cc2q-338q

PyPI/wsgidav

WsgiDAV encoded dot segments can escape filesystem share roots

22 hours ago

Fix available
Severity - 7.1 (High)

GHSA-4mj9-pf4r-cqrc

PyPI/kolibri

Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset

yesterday

Fix available
Severity - 5.8 (Medium)

GHSA-9663-mqmp-p9mm

PyPI/zeroconf

python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

yesterday

Fix available
Severity - 6.5 (Medium)

GHSA-9gw6-46qc-99vr

PyPI/meta-ads-mcp

Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

yesterday

Fix available
Severity - 9.1 (Critical)

GHSA-qq6c-99pv-prvf

PyPI/pdm

PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing

yesterday

Fix available
Severity - 8.4 (High)

MAL-2026-5649

PyPI/bibip-bip

Malicious code in bibip-bip (PyPI)

yesterday

No fix available

MAL-2026-5545

PyPI/acme-widget-layout-utils

Malicious code in acme-widget-layout-utils (PyPI)

yesterday

No fix available