Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-36rr-ww3j-vrjv
  • PyPI/keras
 The Keras `Model.load_model` method **silently** ignores `safe_mode=True` and allows arbitrary code execution when a `.h5`/`.hdf5` file is loaded. 4 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-36fq-jgmw-4r9c
  • PyPI/keras
 Keras is vulnerable to Deserialization of Untrusted Data 15 hours ago
  • Fix available
  • Severity - 8.6 (High)
MAL-2025-47452
  • PyPI/secmeasure
 Malicious code in secmeasure (PyPI) yesterday
  • No fix available
MAL-2025-47453
  • PyPI/sisaws
 Malicious code in sisaws (PyPI) yesterday
  • No fix available
MAL-2025-47451
  • PyPI/colorinal
 Malicious code in colorinal (PyPI) yesterday
  • No fix available
MAL-2025-47454
  • PyPI/termncolor
 Malicious code in termncolor (PyPI) yesterday
  • No fix available
GHSA-vv9c-xxg7-wmv7
  • PyPI/invokeai
 InvokeAI has External Control of File Name or Path yesterday
  • No fix available
  • Severity - 8.9 (High)
MAL-2025-47458
  • PyPI/veilcord-tls
 Malicious code in veilcord-tls (PyPI) 2 days ago
  • No fix available
GHSA-4hqq-7q79-932p
  • PyPI/mcp-kubernetes-server
 mcp-kubernetes-server has an OS Command Injection vulnerability 4 days ago
  • No fix available
  • Severity - 3.7 (Low)
GHSA-hjm5-xgj8-vwj6
  • PyPI/mcp-kubernetes-server
 mcp-kubernetes-server has a Command Injection vulnerability 4 days ago
  • No fix available
  • Severity - 3.7 (Low)
GHSA-rcv9-qm8p-9p6j
  • PyPI/transformers
 Hugging Face Transformers library has Regular Expression Denial of Service 5 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-59p9-h35m-wg4g
  • PyPI/transformers
 Hugging Face Transformers is vulnerable to ReDoS through its MarianTokenizer 12 Sep
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-vcqx-v2mg-7chx
  • PyPI/mcp-neo4j-cypher
 Neo4j Cypher MCP server is vulnerable to DNS rebinding 11 Sep
  • Fix available
  • Severity - 7.4 (High)
GHSA-765j-9r45-w2q2
  • PyPI/flask-appbuilder
 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods 11 Sep
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-v2p7-4pv4-3wwh
  • PyPI/infrahub-server
 Infrahub: Deleted and expired API tokens can still authenticate 10 Sep
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-9mv7-3c64-mmqw
  • PyPI/xml2rfc
 xml2rfc is vulnerable to arbitrary file reads through prepped files 10 Sep
  • Fix available
  • Severity - 8.7 (High)
Load more...