Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-8w3f-4r8f-pf53
  • PyPI/pyload-ng
pyLoad vulnerable to XSS through insecure CAPTCHA 15 hours ago
  • Fix available
  • Severity - 9.8 (Critical)
MAL-2025-5847
  • PyPI/vtk-osmesa
Malicious code in vtk-osmesa (PyPI) yesterday
  • No fix available
GHSA-9548-qrrj-x5pj
  • PyPI/aiohttp
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections yesterday
  • Fix available
  • Severity - 1.7 (Low)
GHSA-q28v-664f-q6wj
  • PyPI/indico
Indico vulnerability allows attackers to bulk dump user details yesterday
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-x8c6-gj59-6rx8
  • PyPI/libp2p
py-libp2p is vulnerable to DoS attacks through use of large RSA keys 2 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-qxh9-qmf2-rhwc
  • PyPI/roundup
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates 2 days ago
  • Fix available
  • Severity - 6.4 (Medium)
PYSEC-2025-69
  • PyPI/roundup
See record for full details 2 days ago
  • Fix available
MAL-2025-5837
  • PyPI/test-package-avinav
Malicious code in test-package-avinav (PyPI) 3 days ago
  • No fix available
GHSA-h952-963h-rv99
  • PyPI/executorch
ExecuTorch vulnerable to Heap-based Buffer Overflow attack 4 days ago
  • No fix available
  • Severity - 8.1 (High)
GHSA-37mw-44qp-f5jm
  • PyPI/transformers
Transformers is vulnerable to ReDoS attack through its DonutProcessor class 4 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-5hq9-5r78-2gjh
  • PyPI/llama-index
  • PyPI/llama-index-readers-docugami
LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class 5 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-x698-5hjm-w2m5
  • PyPI/pyload-ng
pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages 08 Jul
  • No fix available
  • Severity - 7.5 (High)
GHSA-j47q-rc62-w448
  • PyPI/fastapi-guard
fastapi-guard is vulnerable to ReDoS through inefficient regex 07 Jul
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-q93c-p2mw-p23f
  • PyPI/dagster
Dagster vulnerable to Path Traversal attack through its /logs endpoint 07 Jul
  • Fix available
  • Severity - 4.4 (Medium)
GHSA-2rhq-96q8-4vjq
  • PyPI/llama-index-core
LlamaIndex vulnerable to Path Traversal attack through its encode_image function 07 Jul
  • Fix available
  • Severity - 7.5 (High)
PYSEC-2025-65
  • PyPI/llama-index
  • github.com/run-llama/llama_index
See record for full details 07 Jul
  • Fix available