Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-frv4-x25r-588m
  • PyPI/giskard-agents
 Giskard Agents have Server-side template injection via ChatWorkflow.chat() using non-sandboxed Jinja2 Environment 7 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-46j8-vpx8-6p72
  • PyPI/homeassistant
 Home Assistant has stored XSS in history-graphs 8 hours ago
  • Fix available
  • Severity - 1.1 (Low)
GHSA-r584-6283-p7xc
  • PyPI/homeassistant
 Home Assistant has stored XSS in Map-card through malicious device name 8 hours ago
  • Fix available
  • Severity - 1.1 (Low)
GHSA-m959-cc7f-wv43
  • PyPI/cryptography
 cryptography has incomplete DNS name constraint enforcement on peer names 9 hours ago
  • Fix available
  • Severity - 1.7 (Low)
GHSA-qh6h-p6c9-ff54
  • PyPI/langchain-core
 LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions 9 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-8c4j-f57c-35cf
  • PyPI/langflow
  • PyPI/langflow-base
 Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check 9 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-58r7-4wr5-hfx8
  • PyPI/changedetection-io
 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters 10 hours ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-vphc-468g-8rfp
  • PyPI/adx-mcp-server
 Azure Data Explorer MCP Server: KQL Injection in multiple tools allows MCP client to execute arbitrary Kusto queries 10 hours ago
  • No fix available
  • Severity - 8.3 (High)
GHSA-m74m-f7cr-432x
  • PyPI/pyload-ng
 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration 11 hours ago
  • No fix available
  • Severity - 9.3 (Critical)
PYSEC-2026-3
  • PyPI/telnyx
 Two telnyx versions published containing credential harvesting malware 12 hours ago
  • No fix available
MAL-2026-2270
  • PyPI/copytrading
 Malicious code in copytrading (PyPI) 12 hours ago
  • No fix available
MAL-2026-2273
  • PyPI/trustwallet
 Malicious code in trustwallet (PyPI) 12 hours ago
  • No fix available
MAL-2026-2271
  • PyPI/metamask-api
 Malicious code in metamask-api (PyPI) 12 hours ago
  • No fix available
MAL-2026-2269
  • PyPI/claude-lite
 Malicious code in claude-lite (PyPI) 12 hours ago
  • No fix available
MAL-2026-2272
  • PyPI/solana-api
 Malicious code in solana-api (PyPI) 12 hours ago
  • No fix available
MAL-2026-2268
  • PyPI/gemini-ai-api
 Malicious code in gemini-ai-api (PyPI) 12 hours ago
  • No fix available
Load more...