Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-w5g8-5849-vj76
  • PyPI/nicegui
NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion 4 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-cxqh-p2w9-fmr7
  • PyPI/pymupdf
PyMuPDF has a path traversal in _main_.py 5 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-2mhw-8qcg-gr96
  • PyPI/skia-python
skia-python vendors vulnerable libfreetype because of pinned cibuildwheel version 5 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-q485-cg9q-xq2r
  • PyPI/pyload-ng
Improper Authentication and Origin Validation Error in pyload-ng 5 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-37g4-qqqv-7m99
  • PyPI/intake
Intake has a Command Injection via shell() Expansion in Parameter Defaults 5 hours ago
  • No fix available
  • Severity - 8.8 (High)
GHSA-g2j9-7rj2-gm6c
  • PyPI/langflow
Langflow has an Arbitrary File Write (RCE) via v2 API 5 hours ago
  • Fix available
  • Severity - 9.9 (Critical)
MAL-2026-1933
  • PyPI/libavcodec-extra
Malicious code in libavcodec-extra (PyPI) 6 hours ago
  • No fix available
GHSA-f4rq-2259-hv29
  • PyPI/tinytag
Denial of service via non-terminating SYLT frame parsing loop in tinytag 6 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-f964-whrq-44h8
  • PyPI/ormar
ormar Pydantic Validation Bypass via __pk_only__ and __excluded__ Kwargs Injection in Model Constructor 7 hours ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-469j-vmhf-r6v7
  • PyPI/nltk
NLTK has a Downloader Path Traversal Vulnerability (AFO) - Arbitrary File Overwrite 10 hours ago
  • No fix available
  • Severity - 8.1 (High)
GHSA-jm6w-m3j8-898g
  • PyPI/nltk
Unauthenticated remote shutdown in nltk.app.wordnet_app 11 hours ago
  • No fix available
  • Severity - 7.5 (High)
GHSA-fhff-qmm8-h2fp
  • PyPI/mlflow
Arbitrary file write via tar traversal in mlflow 23 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-gfwx-w7gr-fvh7
  • PyPI/nltk
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nltk yesterday
  • No fix available
  • Severity - 6.1 (Medium)
MAL-2026-1577
  • PyPI/ropie
Malicious code in ropie (PyPI) yesterday
  • No fix available
GHSA-3rcm-vjrc-p45j
  • PyPI/justhtml
JustHTML has a Sanitizer Bypass (in Markdown) yesterday
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-qvc2-mg72-jjhx
  • PyPI/justhtml
JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script) yesterday
  • Fix available
  • Severity - 5.3 (Medium)