OSV - Open Source Vulnerabilities

GHSA-q3m2-crgq-5p3q

PyPI/ironic

OpenStack Ironic fails to restrict paths used for file:// image URLs

19 hours ago

Fix available
Severity - 2.8 (Low)

PYSEC-2025-38

PyPI/ironic

See record for full details

21 hours ago

Fix available

GHSA-8j24-cjrq-gr2m

PyPI/django

Django has a denial-of-service possibility in strip_tags()

yesterday

Fix available
Severity - 5.3 (Medium)

PYSEC-2025-37

PyPI/django

See record for full details

yesterday

Fix available

GHSA-9pcc-gvx5-r5wm

PyPI/vllm

Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration

2 days ago

No fix available
Severity - 8.0 (High)

MAL-2025-3603

PyPI/testveriftest1asdlaaaaa

Malicious code in testveriftest1asdlaaaaa (PyPI)

3 days ago

No fix available

MAL-2025-3602

PyPI/testveriftest1asdlaaaa

Malicious code in testveriftest1asdlaaaa (PyPI)

3 days ago

No fix available

GHSA-2544-hpcq-6g27

PyPI/mezzanine

Mezzanine CMS Cross-Site Scripting (XSS) vulnerability

3 days ago

No fix available
Severity - 6.1 (Medium)

GHSA-pw95-88fg-3j6f

PyPI/langroid

Langroid Allows XXE Injection via XMLToolMessage

3 days ago

Fix available
Severity - 7.8 (High)

GHSA-c5vg-26p8-q8cr

PyPI/mobsf

Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

3 days ago

No fix available
Severity - 6.8 (Medium)

GHSA-x39x-9qw5-ghrf

PyPI/browser-use

Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL

3 days ago

Fix available
Severity - 9.3 (Critical)

GHSA-mwfg-948f-2cc5

PyPI/mobsf

Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload

3 days ago

Fix available
Severity - 6.9 (Medium)

MAL-2025-3600

PyPI/hello-wordl

Malicious code in hello-wordl (PyPI)

4 days ago

No fix available

MAL-2025-3565

PyPI/soultracker

Malicious code in soultracker (PyPI)

01 May

No fix available

GHSA-vc6m-hm49-g9qg

PyPI/vllm

phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service

29 Apr

Fix available
Severity - 6.5 (Medium)

GHSA-hj4w-hm2g-p6w5

PyPI/vllm

vLLM Vulnerable to Remote Code Execution via Mooncake Integration

29 Apr

Fix available
Severity - 10.0 (Critical)