Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-3qhf-m339-9g5v
  • PyPI/mcp
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS 8 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-j975-95f5-7wqh
  • PyPI/mcp
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service 8 hours ago
  • Fix available
  • Severity - 8.7 (High)
PYSEC-2025-61
  • PyPI/pillow
  • github.com/python-pillow/pillow
See record for full details 3 days ago
  • Fix available
GHSA-xg8h-j46f-w952
  • PyPI/pillow
Pillow vulnerability can cause write buffer overflow on BCn encoding 3 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-v9w6-9hq9-33ch
  • PyPI/lightrag-hku
HKUDS LightRAG allows Path Traversal via function upload_to_input_dir 27 Jun
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-m435-9v6r-v5f6
  • PyPI/mobsf
MobSF vulnerability allows SSRF due to the allow_redirects=True parameter 27 Jun
  • Fix available
  • Severity - 7.5 (High)
GHSA-xj56-p8mm-qmxj
  • PyPI/llamafactory
LLaMA-Factory allows Code Injection through improper vhead_file safeguards 27 Jun
  • No fix available
  • Severity - 8.3 (High)
GHSA-9r64-3wmc-x8m8
  • PyPI/apache-airflow-providers-snowflake
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator 26 Jun
  • Fix available
  • Severity - 9.8 (Critical)
PYSEC-2025-51
  • PyPI/apache-airflow-providers-snowflake
See record for full details 24 Jun
  • Fix available
MAL-2025-5239
  • PyPI/youreallydontwantthispackage2132
Malicious code in youreallydontwantthispackage2132 (PyPI) 24 Jun
  • No fix available
GHSA-8gff-cf92-72pv
  • PyPI/pyspur
pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function 23 Jun
  • No fix available
  • Severity - 2.1 (Low)
GHSA-h5gc-rm8j-5gpr
  • PyPI/langchain-community
LangChain Community SSRF vulnerability exists in RequestsToolkit component 23 Jun
  • Fix available
  • Severity - 8.4 (High)
GHSA-hwpg-x5hw-vpv9
  • PyPI/changedetection-io
ChangeDetection.io XSS in watch overview 23 Jun
  • Fix available
  • Severity - 7.0 (High)
GHSA-wxj7-3fx5-pp9m
  • PyPI/mlflow
MLFlow SSRF via gateway_proxy_handler 23 Jun
  • Fix available
  • Severity - 5.8 (Medium)
PYSEC-2025-52
  • PyPI/mlflow
  • github.com/mlflow/mlflow
See record for full details 23 Jun
  • Fix available
GHSA-6qhv-4h7r-2g9m
  • PyPI/rfc3161-client
rfc3161-client has insufficient verification for timestamp response signatures 20 Jun
  • Fix available
  • Severity - 9.3 (Critical)