11x-wagtail-blog (>=0.0.0 <=0.2.0), aa-altcorp (>=0.1.2b0 <=1.1.1) +1647 more potentially affected by CVE-2026-8404 via django (>=5.0.0 <=5.2.14)

django PYPI version =5.0.0, =0.0.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.11.1 and more Source cves: CVE-2026-8404 Source advisory: SNYK:PYTHON-DJANGO-17151726...

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +360 more potentially affected by CVE-2026-6657 via jupyter-server (>=1.13.2 <=2.17.0)

jupyter-server PYPI version =1.13.2, =0.1.0, =0.14.0.3, =0.3.0, =0.1.0b0, =1.3.4, =0.18.3, =0.1.0, =1.0.1, =0.1.0, =0.14.0 and more Source cves: CVE-2026-6657 Source advisory: SNYK:PYTHON-JUPYTERSERVER-17220130...

1zlab-emp-ide (=0.0.3), 1zlab-homepage (>=0.0.2 <=0.0.3) +11108 more potentially affected by CVE-2026-6873 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =0.0.2, =2.2.0, =0.1.0, =0.1.0.1, =0.1.1, =0.2.0, =0.0.4a0, =0.0.7, =0.1.10 and more Source cves: CVE-2026-6873 Source advisory: OSV:PYSEC-2026-199...

1zlab-emp-ide (=0.0.3), 1zlab-homepage (>=0.0.2 <=0.0.3) +11108 more potentially affected by CVE-2026-35193 via django (>=6.0.0 <=6.0.5)

django PYPI version =6.0.0, =0.0.2, =2.2.0, =0.1.0, =0.1.0.1, =0.1.1, =0.2.0, =0.0.4a0, =0.0.7, =0.1.10 and more Source cves: CVE-2026-35193 Source advisory: OSV:PYSEC-2026-197...

aiidalab (>=22.6.0 <=26.5.2), aiidalab-chemshell (>=0.0.1 <=0.1.1) +137 more potentially affected by CVE-2026-42563 via dulwich (>=0.24.1 <=1.0.0)

dulwich PYPI version =0.24.1, =22.6.0, =0.0.1, =0.1.0, =1.3.4, =0.12.0, =0.1.0, =0.2.0, =0.2.0, =0.2.1, =0.2.1, =0.1.0, =0.1.6 - artificial-detection =0.1.0 - attp =0.1.0a0 and more Source cves: CVE-2026-42563 Source advisory: SNYK:PYTHON-DULWICH-17054926...

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +781 more potentially affected by CVE-2026-48522 via pyjwt (>=2.0.0 <=2.12.1)

pyjwt PYPI version =2.0.0, =0.5.3, =0.0.1a0, =1.1.1, =0.1.0, =0.1.1, =0.1.31, =0.1.0, =1.5.0, =0.1.0, =0.2.9, =0.5.0, =1.89.5, =1.420.4 and more Source cves: CVE-2026-48522 Source advisory: SNYK:PYTHON-PYJWT-17054901...

360solutions-bc-mcp (>=0.5.3 <=0.5.6), 3di-cmd-client (>=0.0.1a0 <=0.0.3) +781 more potentially affected by CVE-2026-48525 via pyjwt (>=2.0.0 <=2.12.1)

pyjwt PYPI version =2.0.0, =0.5.3, =0.0.1a0, =1.1.1, =0.1.0, =0.1.1, =0.1.31, =0.1.0, =1.5.0, =0.1.0, =0.2.9, =0.5.0, =1.89.5, =1.420.4 and more Source cves: CVE-2026-48525 Source advisory: SNYK:PYTHON-PYJWT-17053409...

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +235 more potentially affected by CVE-2026-44681 via authlib (>=0.10.0 <=1.6.11)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-44681 Source advisory: OSV:PYSEC-2026-188...

ai-dynamo (=0.1.0), bento2seldon (>=0.1.0 <=0.4.0) +16 more potentially affected by CVE-2026-44345 via bentoml (>=0.10.1 <=1.4.3)

bentoml PYPI version =0.10.1, =0.1.0, =0.1.0, =0.0.10, =0.0.5, =0.3.12, =0.0.1, =1.0.3, =0.0.10, =0.0.1, =0.0.1, =0.0.13 and more Source cves: CVE-2026-44345 Source advisory: OSV:PYSEC-2026-189...

CVE-2026-44971

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

a-mailx (=0.1.0), abracadabra (>=0.0.0 <=0.0.7) +704 more potentially affected by CVE-2026-44896 via mistune (>=0.7.3 <=3.2.0)

mistune PYPI version =0.7.3, =0.0.0, =0.0.18, =2.0.0.post1, =0.3.0, =1.0.0, =0.1.0, =1.3.4, =1.0.47, =1.0.66, =0.9.5, =0.21.2, =1.0.0, =1.1.2 and more Source cves: CVE-2026-44896 Source advisory: OSV:PYSEC-2026-168...

01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +816 more potentially affected by CVE-2026-47101 via litellm (>=1.0.0 <=1.83.13)

litellm PYPI version =1.0.0, =0.0.1, =0.0.14, =0.0.14, =0.0.1a0, =0.3.5, =0.6.0, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 and more Source cves: CVE-2026-47101 Source advisory: SNYK:PYTHON-LITELLM-16795355...

GHSA-J989-FGGP-QGP5 vulnerabilities

Vulnerabilities for packages: python...

CVE-2026-8328 vulnerabilities

Vulnerabilities for packages: python...

GHSA-J989-FGGP-QGP5 vulnerabilities

Vulnerabilities for packages: python...

CVE-2026-8328 vulnerabilities

Vulnerabilities for packages: python...

aana (>=0.2.1 <=0.2.2), ace-step (=0.1.0) +234 more potentially affected by CVE-2026-44513 via diffusers (>=0.10.2 <=0.37.1)

diffusers PYPI version =0.10.2, =0.2.1, =1.8.20, =1.9.0, =0.0.0, =0.2.2, =0.0.2, =0.0.0, =0.1.0, =0.6.37, =0.0.4, =0.1.0, =0.1.0, =0.5.0 and more Source cves: CVE-2026-44513 Source advisory: OSV:PYSEC-2026-40...

a-mailx (=0.1.0), ai-shell (>=0.1.0 <=1.0.4) +139 more potentially affected by CVE-2026-44898 via mistune (>=3.0.0 <=3.2.0)

mistune PYPI version =3.0.0, =0.1.0, =0.9.5, =3.0.0, =3.2.1b1, =1.0.1, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =0.1.0, =0.0.2, =1.0.0.1, =0.0.1, =0.0.5 and more Source cves: CVE-2026-44898 Source advisory: SNYK:PYTHON-MISTUNE-16697348...

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +264 more potentially affected by CVE-2026-42266 via jupyterlab (>=4.0.0 <=4.5.6)

jupyterlab PYPI version =4.0.0, =0.1.0, =0.1.0b0, =0.1.0b0, =0.1.0b0, =0.1.0, =0.5.5, =2.0.0, =0.1.1, =4.33.0, =0.6.4, =0.8.0, =1.0.1, =0.1.0, =0.5.0 and more Source cves: CVE-2026-42266 Source advisory: OSV:PYSEC-2026-164...