Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| MAL-2026-2547 | PyPI/ixosmonitoring | Malicious code in ixosmonitoring (PyPI) | 1 hour ago | No fix available |
| MAL-2026-2548 | PyPI/ks-hex2pcap | Malicious code in ks-hex2pcap (PyPI) | 1 hour ago | No fix available |
| MAL-2026-2549 | PyPI/python-aickerso | Malicious code in python-aickerso (PyPI) | 2 hours ago | No fix available |
| MAL-2026-2546 | PyPI/hex2pcap | Malicious code in hex2pcap (PyPI) | 2 hours ago | No fix available |
| GHSA-55v6-g8pm-pw4c | PyPI/rembg | rembg server is vulnerable to Server-Side Request Forgery (SSRF) and a weak default CORS configuration | 12 hours ago | Fix available; Severity - 4.3 (Medium) |
| MAL-2026-2544 | PyPI/roboat-utilities | Malicious code in roboat-utilities (PyPI) | 12 hours ago | No fix available |
| MAL-2026-2543 | PyPI/robase | Malicious code in robase (PyPI) | 12 hours ago | No fix available |
| MAL-2026-2542 | PyPI/databasetrace | Malicious code in databasetrace (PyPI) | 12 hours ago | No fix available |
| GHSA-m5gr-86j6-99jp | PyPI/gramps-webapi | gramps-webapi: Zip Slip Path Traversal in Media Archive Import | 13 hours ago | Fix available; Severity - 9.1 (Critical) |
| GHSA-3crg-w4f6-42mx | PyPI/pypdf | pypdf: Manipulated XMP metadata entity declarations can exhaust RAM | 13 hours ago | Fix available; Severity - 6.9 (Medium) |
| GHSA-3wqj-33cg-xc48 | PyPI/rembg | Rembg has a Path Traversal via Custom Model Loading | 14 hours ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-8647-755q-fw9p | PyPI/ajenti-plugin-core | ajenti.plugin.core has race conditions in 2FA | 14 hours ago | Fix available; Severity - 6.9 (Medium) |
| GHSA-vj8v-p5vw-m6v5 | PyPI/xrootd | xrootd has path traversal in directory listing that allows access to the parent directory via trailing ".." pattern | 14 hours ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-3mcx-6wxm-qr8v | PyPI/ajenti-plugin-core | ajenti.plugin.core has password bypass when 2FA is activated | 14 hours ago | Fix available; Severity - 9.1 (Critical) |
| GHSA-pjjw-68hj-v9mw | PyPI/uv | uv vulnerable to arbitrary file deletion through RECORD entries | 14 hours ago | Fix available; Severity - 2.1 (Low) |
| GHSA-8x8f-54wf-vv92 | PyPI/praisonai, PyPI/praisonaiagents | PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions | 14 hours ago | Fix available; Severity - 9.1 (Critical) |