OSV - Open Source Vulnerabilities

MAL-2026-2502

PyPI/databasenaps

Malicious code in databasenaps (PyPI)

2 hours ago

No fix available

MAL-2026-2501

PyPI/databaselooks

Malicious code in databaselooks (PyPI)

3 hours ago

No fix available

GHSA-693f-pf34-72c5

PyPI/praisonai

PraisonAI Has Path Traversal in FileTools

7 hours ago

Fix available
Severity - 9.2 (Critical)

GHSA-r9x3-wx45-2v7f

PyPI/praisonai

PraisonAI recipe registry publish path traversal allows out-of-root file write

7 hours ago

Fix available
Severity - 7.1 (High)

GHSA-4rx4-4r3x-6534

PyPI/praisonai

PraisonAI recipe registry pull path traversal writes files outside the chosen output directory

7 hours ago

Fix available
Severity - 7.3 (High)

GHSA-jfxc-v5g9-38xr

PyPI/praisonai

PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator

7 hours ago

Fix available
Severity - 9.0 (Critical)

GHSA-4ph2-f6pf-79wv

PyPI/praisonai

PraisonAI Has Arbitrary File Write (Zip Slip) in Templates Extraction

7 hours ago

Fix available
Severity - 8.1 (High)

GHSA-hv3w-m4g2-5x77

PyPI/strawberry-graphql

strawberry-graphql: Denial of Service via unbounded WebSocket subscriptions

13 hours ago

Fix available
Severity - 7.5 (High)

GHSA-vpwc-v33q-mq89

PyPI/strawberry-graphql

strawberry-graphql: Authentication bypass via legacy graphql-ws WebSocket subprotocol

13 hours ago

Fix available
Severity - 7.5 (High)

GHSA-jmrh-xmgh-x9j4

PyPI/changedetection-io

changedetection.io Vulnerable to Authentication Bypass via Decorator Ordering

13 hours ago

Fix available
Severity - 9.8 (Critical)

GHSA-cjg8-h5qc-hrjv

PyPI/kedro-datasets

kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write

13 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-q6vj-wxvf-5m8c

PyPI/openexr

OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp

13 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-57cw-j6vp-2p9m

PyPI/openexr

OpenEXR has use after free in PyObject_StealAttrString

13 hours ago

Fix available
Severity - 5.5 (Medium)

GHSA-vh63-9mqx-wmjr

PyPI/openexr

OpenEXR has buffer overflow in PyOpenEXR_old's channels() and channel()

13 hours ago

Fix available
Severity - 5.5 (Medium)

GHSA-3h9h-qfvw-98hq

PyPI/openexr

OpenEXR Makes Use of Uninitialized Memory

13 hours ago

Fix available
Severity - 2.0 (Low)

MAL-2026-2494

PyPI/databasetapes

Malicious code in databasetapes (PyPI)

yesterday

No fix available