OSV - Open Source Vulnerabilities

MAL-2026-5681

PyPI/trongap

Malicious code in trongap (PyPI)

5 hours ago

No fix available

MAL-2026-5680

PyPI/bittensor-burn-message

Malicious code in bittensor-burn-message (PyPI)

6 hours ago

No fix available

MAL-2026-5679

PyPI/pylogxo

Malicious code in pylogxo (PyPI)

8 hours ago

No fix available

GHSA-wxq4-cc2q-338q

PyPI/wsgidav

WsgiDAV encoded dot segments can escape filesystem share roots

9 hours ago

Fix available
Severity - 7.1 (High)

GHSA-4mj9-pf4r-cqrc

PyPI/kolibri

Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset

12 hours ago

Fix available
Severity - 5.8 (Medium)

GHSA-9663-mqmp-p9mm

PyPI/zeroconf

python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

16 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-9gw6-46qc-99vr

PyPI/meta-ads-mcp

Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

16 hours ago

Fix available
Severity - 9.1 (Critical)

GHSA-qq6c-99pv-prvf

PyPI/pdm

PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing

16 hours ago

Fix available
Severity - 8.4 (High)

MAL-2026-5649

PyPI/bibip-bip

Malicious code in bibip-bip (PyPI)

17 hours ago

No fix available

MAL-2026-5545

PyPI/acme-widget-layout-utils

Malicious code in acme-widget-layout-utils (PyPI)

yesterday

No fix available

MAL-2026-5532

PyPI/icinga

Malicious code in icinga (PyPI)

yesterday

No fix available

GHSA-78v8-vpjp-cjqh

PyPI/pdm

PDM wheel installation leads to Path Traversal via overridden write_to_fs

yesterday

Fix available
Severity - 7.1 (High)

GHSA-ghq2-5c67-fprm

PyPI/pdm

PDM: Project-Local State and Config Writes Follow Symlinks

yesterday

Fix available
Severity - 6.8 (Medium)

MAL-2026-5531

PyPI/telegramlite

Malicious code in telegramlite (PyPI)

yesterday

No fix available

GHSA-3qmc-cj7q-62hv

PyPI/litestar

Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header

yesterday

Fix available
Severity - 5.9 (Medium)

GHSA-542p-wvx7-72m4

PyPI/litestar

Litestar has HTML Injection Through its CSRF Token

yesterday

Fix available
Severity - 8.1 (High)