Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-rh4j-5rhw-hr54 | PyPI/vllm | vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator | 6 hours ago | Fix available; Severity 7.5 (High) |
| GHSA-gvvw-rr8m-fj76 | PyPI/uniapi | uniapi version 1.0.7 contained an information harvesting script. | 15 hours ago | No fix available |
| PYSEC-2025-2 | PyPI/uniapi | uniapi version 1.0.7 contained an information harvesting script. | 3 days ago | No fix available |
| GHSA-3wwr-3g9f-9gc7 | PyPI/asteval | ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape | 3 days ago | Fix available; Severity 8.4 (High) |
| GHSA-vp47-9734-prjw | PyPI/asteval | ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape | 4 days ago | Fix available; Severity 8.4 (High) |
| GHSA-gmj9-h825-chq2 | PyPI/restrictedpython | try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter | 4 days ago | Fix available; Severity 7.9 (High) |
| GHSA-w2gf-jxc9-pf2q | PyPI/duckdb | sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb | 6 days ago | Fix available; Severity 7.5 (High) |
| GHSA-f8c8-4pm7-w885 | PyPI/codechecker | Cross-Site Request Forgery in CodeChecker API | 6 days ago | Fix available; Severity 8.2 (High) |
| GHSA-fcr8-4r9f-r66m | PyPI/nbgrader | nbgrader's `frame-ancestors: self` grants all users access to formgrader | 17 Jan | Fix available; Severity 8.6 (High) |
| GHSA-3wg7-r7q5-r2jf | PyPI/indico | Indico Insecure Access | 16 Jan | Fix available; Severity 6.9 (Medium) |
| MAL-2025-128 | PyPI/pyqubee | Malicious code in pyqubee (PyPI) | 16 Jan | No fix available |
| GHSA-7pq6-v88g-wf3w | PyPI/sentry | Sentry's improper authentication on SAML SSO process allows user impersonation | 15 Jan | Fix available; Severity 9.1 (Critical) |
| GHSA-qcgg-j2x8-h9g8 | PyPI/django | Django has a potential denial-of-service vulnerability in IPv6 validation | 14 Jan | Fix available; Severity 5.8 (Medium) |
| PYSEC-2025-1 | PyPI/django | See record for full details | 14 Jan | Fix available |
| GHSA-vgf2-gvx8-xwc3 | PyPI/vyper | Vyper Does Not Check the Success of Certain Precompile Calls | 14 Jan | No fix available; Severity 2.3 (Low) |
| GHSA-j2jg-fq62-7c3h | PyPI/gradio | Gradio Blocked Path ACL Bypass Vulnerability | 14 Jan | Fix available; Severity 9.1 (Critical) |