OSV - Open Source Vulnerabilities

MAL-2025-4700

PyPI/packagemurder

Malicious code in packagemurder (PyPI)

2 days ago

No fix available

MAL-2025-4699

PyPI/cugraph-service-client

Malicious code in cugraph-service-client (PyPI)

2 days ago

No fix available

MAL-2025-4698

PyPI/cugraph-dgl

Malicious code in cugraph-dgl (PyPI)

2 days ago

No fix available

GHSA-v3c8-3pr6-gr7p

PyPI/llama-index

llama_index vulnerable to SQL Injection

2 days ago

Fix available
Severity - 9.8 (Critical)

GHSA-7xr5-9hcq-chf9

PyPI/django

Django Improper Output Neutralization for Logs vulnerability

2 days ago

Fix available
Severity - 4.0 (Medium)

PYSEC-2025-47

PyPI/django

See record for full details

2 days ago

Fix available

GHSA-6vx8-pcwv-xhf4

PyPI/signxml

SignXML's signature verification with HMAC is vulnerable to an algorithm confusion attack

2 days ago

Fix available
Severity - 6.9 (Medium)

GHSA-gmhf-gg8w-jw42

PyPI/signxml

SignXML's signature verification with HMAC is vulnerable to a timing attack

2 days ago

Fix available
Severity - 6.9 (Medium)

GHSA-cq37-g2qp-3c2p

PyPI/astrbot

AstrBot Has Path Traversal Vulnerability in /api/chat/get_file

2 days ago

Fix available
Severity - 7.5 (High)

GHSA-33p9-3p43-82vq

PyPI/jupyter-core

Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

3 days ago

Fix available
Severity - 7.3 (High)

MAL-2025-4666

PyPI/proto-google-cloud-dlp-v2beta1

Malicious code in proto-google-cloud-dlp-v2beta1 (PyPI)

3 days ago

No fix available

MAL-2025-4665

PyPI/grpc-google-bigtable-v2

Malicious code in grpc-google-bigtable-v2 (PyPI)

3 days ago

No fix available

GHSA-m4jx-m5hg-qrxx

PyPI/django-helpdesk

django-helpdesk Allows Sensitive Data Exposure

31 May

Fix available
Severity - 5.1 (Medium)

PYSEC-2025-44

PyPI/django-helpdesk
github.com/django-helpdesk/django-helpdesk

See record for full details

31 May

Fix available

GHSA-8w7f-8pr9-xgwj

PyPI/apache-superset

Apache Superset: Improper authorization bypass on row level security via SQL Injection

30 May

Fix available
Severity - 7.1 (High)

GHSA-8jw3-6x8j-v96g

PyPI/gradio

Gradio Allows Unauthorized File Copy via Path Manipulation

29 May

Fix available
Severity - 5.3 (Medium)