Vulnerabilities

ID
Packages
Summary
Published
Attributes
MAL-2026-3023
  • PyPI/test-pkg-jie
Malicious code in test-pkg-jie (PyPI) 1 hour ago
  • No fix available
MAL-2026-3022
  • PyPI/jie-utility-package
Malicious code in jie-utility-package (PyPI) 2 hours ago
  • No fix available
MAL-2026-3015
  • PyPI/lyroxcoder
Malicious code in lyroxcoder (PyPI) 9 hours ago
  • No fix available
MAL-2026-3002
  • PyPI/lyrox
Malicious code in lyrox (PyPI) 19 hours ago
  • No fix available
MAL-2026-3001
  • PyPI/process-support
Malicious code in process-support (PyPI) 21 hours ago
  • No fix available
MAL-2026-3000
  • PyPI/xinference
Malicious code in xinference (PyPI) 22 hours ago
  • No fix available
GHSA-vrx2-77f2-ww34
  • PyPI/justhtml
justhtml has sanitization bypass in custom policies and programmatic DOM 22 hours ago
  • Fix available
  • Severity - 6.0 (Medium)
MAL-2026-2999
  • PyPI/pypdf-fork
Malicious code in pypdf-fork (PyPI) 23 hours ago
  • No fix available
GHSA-73h3-mf4w-8647
  • PyPI/poetry
Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 yesterday
  • Fix available
  • Severity - 0.6 (Low)
GHSA-vfmq-68hx-4jfw
  • PyPI/lxml
lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files yesterday
  • Fix available
  • Severity - 7.5 (High)
GHSA-7jqv-fw35-gmx9
  • PyPI/nbconvert
nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding 2 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-4c99-qj7h-p3vg
  • PyPI/nbconvert
nbconvert has an Arbitrary File Write via Path Traversal in Cell Attachment Filenames 2 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-grp3-h8m8-45p7
  • PyPI/glances
Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values 2 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-g5pq-48mj-jvw8
  • PyPI/glances
Glances has SSRF in IP Plugin via public_api leading to credential leakage 2 days ago
  • Fix available
  • Severity - 7.3 (High)
GHSA-gfc2-9qmw-w7vh
  • PyPI/glances
Glances: Cross-Origin Information Disclosure via Unauthenticated REST API (/api/4) due to Permissive CORS 2 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-6w67-hwm5-92mq
  • PyPI/lmdeploy
LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading 2 days ago
  • No fix available
  • Severity - 7.5 (High)