OSV - Open Source Vulnerabilities

MAL-2026-2028

PyPI/pipinpeace-bind

Malicious code in pipinpeace-bind (PyPI)

13 hours ago

No fix available

MAL-2026-2029

PyPI/pipinpeace-reverse

Malicious code in pipinpeace-reverse (PyPI)

13 hours ago

No fix available

MAL-2026-2026

PyPI/pipinpeace-env

Malicious code in pipinpeace-env (PyPI)

14 hours ago

No fix available

MAL-2026-2020

PyPI/aiolrucache

Malicious code in aiolrucache (PyPI)

yesterday

No fix available

MAL-2026-2017

PyPI/thisismytest

Malicious code in thisismytest (PyPI)

yesterday

No fix available

MAL-2026-2016

PyPI/qyrm-pipinject4

Malicious code in qyrm-pipinject4 (PyPI)

yesterday

No fix available

MAL-2026-2013

PyPI/nump

Malicious code in nump (PyPI)

yesterday

No fix available

GHSA-r7mc-x6x7-cqxx

PyPI/pyload-ng

pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration

2 days ago

No fix available
Severity - 7.5 (High)

MAL-2026-2006

PyPI/mangrove-sdk

Malicious code in mangrove-sdk (PyPI)

2 days ago

No fix available

GHSA-ph9w-r52h-28p7

PyPI/langflow

langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

2 days ago

Fix available
Severity - 8.7 (High)

MAL-2026-2005

PyPI/efghr-honeybee-sdk

Malicious code in efghr-honeybee-sdk (PyPI)

2 days ago

No fix available

MAL-2026-2004

PyPI/flyio-token-client-efgh

Malicious code in flyio-token-client-efgh (PyPI)

2 days ago

No fix available

GHSA-7grx-3xcx-2xv5

PyPI/langflow

langflow has Unauthenticated IDOR on Image Downloads

2 days ago

No fix available
Severity - 7.5 (High)

GHSA-v856-2rf8-9f28

PyPI/pydicom

pydicom has a path traversal in FileSet/DICOMDIR ReferencedFileID allows file access outside the File-set root

2 days ago

Fix available
Severity - 7.8 (High)

MAL-2026-2000

PyPI/cfgmgr-sync

Malicious code in cfgmgr-sync (PyPI)

2 days ago

No fix available

MAL-2026-1999

PyPI/cfgmgr-syn

Malicious code in cfgmgr-syn (PyPI)

2 days ago

No fix available