Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
MAL-2026-189
  • PyPI/oncecall
 Malicious code in oncecall (PyPI) 10 hours ago
  • No fix available
GHSA-h4rm-mm56-xf63
  • PyPI/fickling
 Fickling vulnerable to detection bypass due to "builtins" blindness yesterday
  • Fix available
  • Severity - 8.9 (High)
GHSA-q5qq-mvfm-j35x
  • PyPI/fickling
 Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist yesterday
  • Fix available
  • Severity - 8.9 (High)
GHSA-p523-jq9w-64x9
  • PyPI/fickling
 Fickling Blocklist Bypass: cProfile.run() yesterday
  • Fix available
  • Severity - 8.9 (High)
GHSA-4f6g-68pf-7vhv
  • PyPI/pypdf
 pypdf has possible long runtimes for malformed startxref yesterday
  • Fix available
  • Severity - 2.7 (Low)
GHSA-4xc4-762w-m6cg
  • PyPI/pypdf
 pypdf has possible long runtimes for missing /Root object with large /Size values yesterday
  • Fix available
  • Severity - 2.7 (Low)
GHSA-fg6f-75jq-6523
  • PyPI/authlib
 Authlib has 1-click Account Takeover vulnerability 2 days ago
  • Fix available
  • Severity - 5.7 (Medium)
GHSA-mcmc-2m55-j8jj
  • PyPI/vllm
 vLLM introduced enhanced protection for CVE-2025-62164 2 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-mp55-g7pj-rvm2
  • PyPI/nicegui
 NiceGUI has Redis connection leak via tab storage causes service degradation 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mhpg-c27v-6mxr
  • PyPI/nicegui
 NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS 2 days ago
  • Fix available
  • Severity - 7.2 (High)
GHSA-m7j5-rq9j-6jj9
  • PyPI/nicegui
 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links 2 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-7grm-h62g-5m97
  • PyPI/nicegui
 NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace() 2 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-87hc-h4r5-73f7
  • PyPI/werkzeug
 Werkzeug safe_join() allows Windows special device names with compound extensions 2 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-9726-w42j-3qjr
  • PyPI/picklescan
 picklescan has Arbitrary file read using `io.FileIO` 2 days ago
  • Fix available
  • Severity - 8.8 (High)
MAL-2026-163
  • PyPI/do-not-install-this-package-002
 Malicious code in do-not-install-this-package-002 (PyPI) 2 days ago
  • No fix available
MAL-2026-162
  • PyPI/btcli-security
 Malicious code in btcli-security (PyPI) 2 days ago
  • No fix available
Load more...