OSV - Open Source Vulnerabilities

GHSA-4f84-67cv-qrv3

PyPI/dydx-v4-client

A single post-release of dydx-v4-client contained obfuscated multi-stage loader

12 hours ago

Fix available
Severity - 9.3 (Critical)

GHSA-vf6j-c56p-cq58

PyPI/mcp-salesforce-connector

MCP-Salesforce's arbitrary attribute access leads to disclosure of Salesforce auth token

13 hours ago

Fix available
Severity - 8.7 (High)

GHSA-wjp5-868j-wqv7

PyPI/pydantic-ai
PyPI/pydantic-ai-slim

Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL

13 hours ago

Fix available
Severity - 7.1 (High)

GHSA-2ww3-72rp-wpp4

NuGet/Microsoft.SemanticKernel.Core
PyPI/semantic-kernel

Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

13 hours ago

Fix available
Severity - 9.9 (Critical)

GHSA-2jrp-274c-jhv3

PyPI/pydantic-ai
PyPI/pydantic-ai-slim

Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling

13 hours ago

Fix available
Severity - 8.6 (High)

PYSEC-2026-1

PyPI/dydx-v4-client

A single post-release of dydx-v4-client contained obfuscated multi-stage loader

17 hours ago

No fix available

MAL-2026-803

PyPI/moveworks-pipeline-test

Malicious code in moveworks-pipeline-test (PyPI)

20 hours ago

No fix available

MAL-2026-790

PyPI/p7zip-full

Malicious code in p7zip-full (PyPI)

22 hours ago

No fix available

MAL-2026-774

PyPI/adminbypasser

Malicious code in adminbypasser (PyPI)

yesterday

No fix available

GHSA-9ffm-fxg3-xrhh

PyPI/nicegui

NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

yesterday

Fix available
Severity - 7.5 (High)

GHSA-3p7x-94q9-jq9x

PyPI/pgadmin4

pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

yesterday

Fix available
Severity - 7.4 (High)

GHSA-v82v-c5x8-w282

PyPI/nicegui

NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

yesterday

Fix available
Severity - 6.1 (Medium)

MAL-2026-763

PyPI/web3-meme-tool

Malicious code in web3-meme-tool (PyPI)

yesterday

No fix available

MAL-2026-762

PyPI/metadata-checker

Malicious code in metadata-checker (PyPI)

yesterday

No fix available

GHSA-rf8c-3f5p-xv45

PyPI/web2py

web2py has an Open Redirect Vulnerability

yesterday

Fix available
Severity - 5.1 (Medium)

MAL-2026-759

PyPI/pipelinepoision-test

Malicious code in pipelinepoision-test (PyPI)

yesterday

No fix available