OSV - Open Source Vulnerabilities

GHSA-v959-cwq9-7hr6

PyPI/bentoml

BentoML: SSTI via Unsandboxed Jinja2 in Dockerfile Generation

2 hours ago

Fix available
Severity - 8.8 (High)

GHSA-fgv4-6jr3-jgfw

PyPI/bentoml

BentoML: Command Injection in cloud deployment setup script

3 hours ago

Fix available
Severity - 7.8 (High)

GHSA-jjhc-v7c2-5hh6

PyPI/litellm

LiteLLM: Authentication bypass via OIDC userinfo cache key collision

3 hours ago

Fix available
Severity - 9.4 (Critical)

GHSA-53mr-6c8q-9789

PyPI/litellm

LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint

3 hours ago

Fix available
Severity - 8.7 (High)

GHSA-3jr7-6hqp-x679

PyPI/mesop

Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service

3 hours ago

Fix available
Severity - 7.5 (High)

GHSA-pq5c-rjhq-qp7p

PyPI/vllm

vLLM: Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing

3 hours ago

Fix available
Severity - 6.5 (Medium)

GHSA-pf3h-qjgv-vcpr

PyPI/vllm

vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

3 hours ago

Fix available
Severity - 5.4 (Medium)

GHSA-vc68-257w-m432

PyPI/openexr

OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)

3 hours ago

Fix available
Severity - 8.7 (High)

GHSA-h762-rhv3-h25v

PyPI/openexr

OpenEXR: integer overflow to OOB write in uncompress_b44_impl()

3 hours ago

Fix available
Severity - 8.4 (High)

GHSA-8mxq-7xr7-2fxj

PyPI/jupyterhub-ltiauthenticator

LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

3 hours ago

Fix available
Severity - 5.9 (Medium)

GHSA-qw2m-4pqf-rmpp

PyPI/curl-cffi

curl_cffi: Redirect-based SSRF leads to internal network access in curl_cffi (with TLS impersonation bypass)

3 hours ago

Fix available
Severity - 8.6 (High)

GHSA-3vff-hjqv-m7h8

PyPI/jupyterhub

JupyterHub has an Open Redirect Vulnerability

3 hours ago

Fix available
Severity - 5.1 (Medium)

GHSA-rrvg-cxh4-qhrv

PyPI/oauthenticator

Auth0OAuthenticator has an Authentication Bypass via Unverified Email Claims

3 hours ago

Fix available
Severity - 8.8 (High)

GHSA-3mwp-wvh9-7528

PyPI/vllm

vLLM: Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server

9 hours ago

Fix available
Severity - 6.5 (Medium)

MAL-2026-2448

PyPI/supervisors

Malicious code in supervisors (PyPI)

13 hours ago

No fix available

GHSA-73jv-44c3-j5p2

PyPI/ajenti-panel

Ajenti has an authorization bypass during custom package installation

21 hours ago

Fix available
Severity - 7.2 (High)