Vulnerability Database
| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-3qhf-m339-9g5v | PyPI/mcp | MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS | 8 hours ago | Fix available; Severity - 8.7 (High) |
| GHSA-j975-95f5-7wqh | PyPI/mcp | MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service | 8 hours ago | Fix available; Severity - 8.7 (High) |
| PYSEC-2025-61 | PyPI/pillow, github.com/python-pillow/pillow | See record for full details | 3 days ago | Fix available |
| GHSA-xg8h-j46f-w952 | PyPI/pillow | Pillow vulnerability can cause write buffer overflow on BCn encoding | 3 days ago | Fix available; Severity - 7.1 (High) |
| GHSA-v9w6-9hq9-33ch | PyPI/lightrag-hku | HKUDS LightRAG allows Path Traversal via function upload_to_input_dir | 27 Jun | Fix available; Severity - 4.8 (Medium) |
| GHSA-m435-9v6r-v5f6 | PyPI/mobsf | MobSF vulnerability allows SSRF due to the allow_redirects=True parameter | 27 Jun | Fix available; Severity - 7.5 (High) |
| GHSA-xj56-p8mm-qmxj | PyPI/llamafactory | LLaMA-Factory allows Code Injection through improper vhead_file safeguards | 27 Jun | No fix available; Severity - 8.3 (High) |
| GHSA-9r64-3wmc-x8m8 | PyPI/apache-airflow-providers-snowflake | Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator | 26 Jun | Fix available; Severity - 9.8 (Critical) |
| PYSEC-2025-51 | PyPI/apache-airflow-providers-snowflake | See record for full details | 24 Jun | Fix available |
| MAL-2025-5239 | PyPI/youreallydontwantthispackage2132 | Malicious code in youreallydontwantthispackage2132 (PyPI) | 24 Jun | No fix available |
| GHSA-8gff-cf92-72pv | PyPI/pyspur | pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function | 23 Jun | No fix available; Severity - 2.1 (Low) |
| GHSA-h5gc-rm8j-5gpr | PyPI/langchain-community | LangChain Community SSRF vulnerability exists in RequestsToolkit component | 23 Jun | Fix available; Severity - 8.4 (High) |
| GHSA-hwpg-x5hw-vpv9 | PyPI/changedetection-io | ChangeDetection.io XSS in watch overview | 23 Jun | Fix available; Severity - 7.0 (High) |
| GHSA-wxj7-3fx5-pp9m | PyPI/mlflow | MLFlow SSRF via gateway_proxy_handler | 23 Jun | Fix available; Severity - 5.8 (Medium) |
| PYSEC-2025-52 | PyPI/mlflow, github.com/mlflow/mlflow | See record for full details | 23 Jun | Fix available |
| GHSA-6qhv-4h7r-2g9m | PyPI/rfc3161-client | rfc3161-client has insufficient verification for timestamp response signatures | 20 Jun | Fix available; Severity - 9.3 (Critical) |
PyPI - OSV