OSV - Open Source Vulnerabilities

GHSA-62cr-6wp5-q43h

PyPI/copyparty

Copyparty vulnerable to reflected XSS via setck parameter

3 hours ago

Fix available
Severity - 5.4 (Medium)

GHSA-g8gc-6c4h-jg86

PyPI/wger

wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup

3 hours ago

No fix available
Severity - 4.3 (Medium)

GHSA-42cr-w2gr-m54q

PyPI/wger

wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

3 hours ago

No fix available
Severity - 3.1 (Low)

GHSA-xf68-8hjw-7mpm

PyPI/wger

wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data

3 hours ago

No fix available
Severity - 4.3 (Medium)

GHSA-x7hp-r3qg-r3cj

PyPI/pypdf

pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

6 hours ago

Fix available
Severity - 6.6 (Medium)

GHSA-wppc-7cq7-cgfv

PyPI/weblate

Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

6 hours ago

Fix available
Severity - 4.3 (Medium)

MAL-2026-1049

PyPI/flycord

Malicious code in flycord (PyPI)

10 hours ago

No fix available

GHSA-24p2-j2jr-386w

PyPI/psd-tools

psd-tools: Compression module has unguarded zlib decompression, missing dimension validation, and hardening gaps

10 hours ago

Fix available
Severity - 6.8 (Medium)

GHSA-vjqx-cfc4-9h6v

PyPI/mcp-server-git

mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

10 hours ago

Fix available
Severity - 6.4 (Medium)

MAL-2026-1048

PyPI/edx-salesforce

Malicious code in edx-salesforce (PyPI)

12 hours ago

No fix available

MAL-2026-1044

PyPI/awareness-demo-pkg

Malicious code in awareness-demo-pkg (PyPI)

15 hours ago

No fix available

GHSA-mhr3-j7m5-c7c9

PyPI/langgraph-checkpoint

LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution

yesterday

Fix available
Severity - 6.6 (Medium)

GHSA-76rv-2r9v-c5m6

PyPI/zae-limiter

zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

yesterday

Fix available
Severity - 4.3 (Medium)

MAL-2026-1035

PyPI/neural-compressor-jax

Malicious code in neural-compressor-jax (PyPI)

yesterday

No fix available

GHSA-fq4f-4738-rqxm

PyPI/rucio-webui

Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute

yesterday

Fix available
Severity - 6.1 (Medium)

GHSA-8wpv-6x3f-3rm5

PyPI/rucio-webui

Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name

yesterday

Fix available
Severity - 6.1 (Medium)