Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-r7w7-9xr2-qq2r
  • PyPI/langchain-openai
langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding 7 hours ago
  • Fix available
  • Severity - 3.1 (Low)
GHSA-fv5p-p927-qmxr
  • PyPI/langchain-text-splitters
LangChain Text Splitters: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass 8 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-jj8c-mmj3-mmgv
  • PyPI/authlib
Authlib: Cross-site request forging when using cache 8 hours ago
  • Fix available
  • Severity - 5.4 (Medium)
MAL-2026-2821
  • PyPI/robase-quick-install
Malicious code in robase-quick-install (PyPI) 8 hours ago
  • No fix available
GHSA-x284-j5p8-9c5p
  • PyPI/pypdf
pypdf: Manipulated FlateDecode image dimensions can exhaust RAM 9 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-4pxv-j86v-mhcw
  • PyPI/pypdf
pypdf: Possible long runtimes for wrong size values in incremental mode 9 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-7gw9-cf7v-778f
  • PyPI/pypdf
pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM 9 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-33qf-q99x-wpm8
  • PyPI/homeassistant-cli
Home Assistant Command-line Interface: Handling of user-supplied Jinja2 templates 9 hours ago
  • Fix available
  • Severity - 5.6 (Medium)
GHSA-v92g-xgxw-vvmm
  • PyPI/mako
Mako: Path traversal via double-slash URI prefix in TemplateLookup 9 hours ago
  • Fix available
  • Severity - 6.3 (Medium)
MAL-2026-2820
  • PyPI/chainutils
Malicious code in chainutils (PyPI) 9 hours ago
  • No fix available
GHSA-ffgh-3jrf-8wvh
  • PyPI/weblate
Weblate: Prefix-Based Repository Boundary Check Bypass via Symlink/Junction Path Prefix Collision 9 hours ago
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-f8hv-g549-hwg2
  • PyPI/weblate
Weblate: SSRF via the webhook add-on using unprotected fetch_url() 10 hours ago
  • Fix available
  • Severity - 4.1 (Medium)
GHSA-3382-gw9x-477v
  • PyPI/weblate
Weblate: Privilege escalation in the user API endpoint 10 hours ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-xrwr-fcw6-fmq8
  • PyPI/weblate
Weblate: SSRF via Project-Level Machinery Configuration 10 hours ago
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-hv99-mxm5-q397
  • PyPI/weblate
Weblate: Arbitrary File Read via Symlink 10 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-5fhx-9jwj-867m
  • PyPI/weblate
Weblate: Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads 10 hours ago
  • Fix available
  • Severity - 5.0 (Medium)