OSV - Open Source Vulnerabilities

GHSA-73jv-44c3-j5p2

PyPI/ajenti-panel

Ajenti has an authorization bypass during custom package installation

8 hours ago

Fix available
Severity - 7.2 (High)

GHSA-9cqf-439c-j96r

PyPI/kedro

Kedro has Arbitrary Code Execution via Malicious Logging Configuration

8 hours ago

Fix available
Severity - 9.8 (Critical)

GHSA-6326-w46w-ppjw

PyPI/kedro

Kedro: Path Traversal in versioned dataset loading via unsanitized version string

8 hours ago

Fix available
Severity - 7.1 (High)

GHSA-436g-fhfc-9g5w

PyPI/dtale

D-Tale: Remote Code Execution through redis/shelf storage

8 hours ago

Fix available
Severity - 5.3 (Medium)

MAL-2026-2433

PyPI/pycolorlib3

Malicious code in pycolorlib3 (PyPI)

15 hours ago

No fix available

MAL-2026-2432

PyPI/nwin64tls

Malicious code in nwin64tls (PyPI)

15 hours ago

No fix available

MAL-2026-2431

PyPI/nwin32tls

Malicious code in nwin32tls (PyPI)

16 hours ago

No fix available

MAL-2026-2430

PyPI/k8s-node-health

Malicious code in k8s-node-health (PyPI)

21 hours ago

No fix available

GHSA-q56x-g2fj-4rj6

PyPI/onnx

ONNX: TOCTOU arbitrary file read/write in save_external_dat

yesterday

Fix available
Severity - 7.1 (High)

GHSA-98f9-fqg5-hvq5

PyPI/praisonai

PraisonAI Has Authentication Bypass via OAuthManager.validate_token()

yesterday

Fix available
Severity - 9.1 (Critical)

GHSA-cfh6-vr3j-qc3g

PyPI/praisonai

PraisonAI Has Missing Authentication in WebSocket Gateway

yesterday

Fix available
Severity - 9.1 (Critical)

GHSA-44c2-3rw4-5gvh

PyPI/praisonaiagents

PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

yesterday

Fix available
Severity - 8.6 (High)

GHSA-r4f2-3m54-pp7q

PyPI/praisonai

PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

yesterday

Fix available
Severity - 8.8 (High)

GHSA-x6m9-gxvr-7jpv

PyPI/praisonai

PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

yesterday

Fix available
Severity - 7.7 (High)

GHSA-8w9j-hc3g-3g7f

PyPI/praisonai

PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

yesterday

Fix available
Severity - 6.5 (Medium)

GHSA-9cq8-3v94-434g

PyPI/praisonai

PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`

yesterday

Fix available
Severity - 9.8 (Critical)