1495 matches found
agentc-llamaindex (=0.2.5a2), agentia (>=0.0.2 <=0.0.10) +86 more potentially affected by CVE-2025-7707 via llama-index (>=0.10.0 <=0.12.52)
llama-index PYPI version =0.10.0, =0.0.2, =0.1.0a0.dev0, =0.2.0a0, =1.1.0, =3.0.0, =1.0.5, =1.7.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.0.14, =0.2.53, =0.2.57 and more Source cves: CVE-2025-7707 Source advisory: OSV:GHSA-RG9H-VX28-XXP5...
aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +203 more potentially affected by CVE-2025-62706 via authlib (>=1.0.0 <=1.6.4)
authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-62706 Source advisory:...
aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +262 more potentially affected by CVE-2025-61920 via authlib (>=0.10.0 <=1.6.4)
authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-61920 Source advisory: OSV:GHSA-PQ5P-34CR-23V9...
GHSA-49G5-F6QW-8MM7 vulnerabilities
Vulnerabilities for packages: python...
agentics-py (>=0.0.0 <=0.0.5), agilerl (>=2.3.5 <=2.4.1.dev1) +16 more potentially affected by CVE-2025-59425 via vllm (>=0.10.0 <=0.10.2)
vllm PYPI version =0.10.0, =0.0.0, =2.3.5, =0.1.0, =1.0.1rc1, =0.0.4, =0.1.5, =1.0.0, =0.2.4, =0.1.1, =0.1.2, =0.1.2, =0.1.0, =0.1.2 and more Source cves: CVE-2025-59425 Source advisory: SNYK:PYTHON-VLLM-13449923...
aiosftp (>=0.0.1 <=0.3.1), apt-mirror (>=1.0.0 <=16.0.0) +12 more potentially affected by unknown CVE via aioftp (>=0.16.0 <=0.26.2)
aioftp PYPI version =0.16.0, =0.0.1, =1.0.0, =0.1.2, =1.1.0b78, =5.5.1, =0.0.0, =0.10.0, =0.6.0, =0.1.0, =0.1.0, =0.6.1, =0.5.8, =1.0.0b2, =1.0.0b3 Source cves: unknown CVE Source advisory: SNYK:PYTHON-AIOFTP-13304441...
aa-altcorp (>=0.1.2b0 <=1.1.1), aa-alumni (>=0.0.1a1 <=1.0.1) +1411 more potentially affected by CVE-2025-59682 via django (>=5.2.0 <=5.2.6)
django PYPI version =5.2.0, =0.1.2b0, =0.0.1a1, =0.1.1, =3.1.0b1, =1.0.3, =0.0.1a2, =0.1.0, =0.2.0, =1.0.0, =1.1.0b3, =0.1.0b1, =0.1.0, =1.0.13, =1.2.7 and more Source cves: CVE-2025-59682 Source advisory: SNYK:PYTHON-DJANGO-13179425...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +113 more potentially affected by CVE-2025-59681 via django (>=4.2.0 <=4.2.24)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2025-59681 Source advisory: SNYK:PYTHON-DJANGO-13179650...
aider-chat (=0.43.0), aimon-llamaindex (>=0.0.6 <=0.0.9) +689 more potentially affected by CVE-2025-7647 via llama-index-core (>=0.10.0 <=0.12.48)
llama-index-core PYPI version =0.10.0, =0.0.6, =1.1.0, =3.0.0, =1.7.0, =1.0.0, =0.0.3, =0.2.1, =0.2.1.dev0, =0.2.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.4.0 and more Source cves: CVE-2025-7647 Source advisory: SNYK:PYTHON-LLAMAINDEXCORE-13110240...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +113 more potentially affected by CVE-2025-54831 via apache-airflow (>=2.0.0 <=2.11.2)
apache-airflow PYPI version =2.0.0, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2025-54831 Source advisory: OSV:PYSEC-2025-85...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1435 more potentially affected by CVE-2025-55556 via tensorflow (>=1.0.1 <=2.20.0rc0)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.1.0, =0.1.0, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =0.9.0 and more Source cves: CVE-2025-55556 Source advisory: SNYK:PYTHON-TENSORFLOW-13052809...
aait (>=0.0.4.80 <=1.0.5), accusleepy (>=0.1.0 <=0.7.1) +329 more potentially affected by CVE-2025-46153 via torch (=2.6.0)
torch PYPI version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on torch and may be impacted: - aait =0.0.4.80, =0.1.0, =1.0.0.3, =0.1.0, =0.8.4, =0.1.47, =3.1.8, =0.1.3, =2.0.3, =0.3.8.2, =0.2.2, =0.2.4 - archgw =0.3.17 and more Source cves:...
lightspeed-stack (>=0.1.1 <=0.2.0), lightspeed-stack-providers (>=0.1.10 <=0.1.15) +3 more potentially affected by CVE-2025-55178 via llama-stack (>=0.2.10.1 <=0.2.18)
llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.2.2, =0.3.0a0 Source cves: CVE-2025-55178 Source advisory: SNYK:PYTHON-LLAMASTACK-13109624...
bacpipe (>=1.2.0 <=1.3.2.dev0), decima2 (>=0.1.0 <=0.2.1) +11 more potentially affected by CVE-2025-9905 via keras (>=3.0.0 <=3.11.0)
keras PYPI version =3.0.0, =1.2.0, =0.1.0, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =1.1.0, =1.0.0, =1.1.0 Source cves: CVE-2025-9905 Source advisory: OSV:GHSA-36RR-WW3J-VRJV...
[SECURITY] Fedora 41 Update: maturin-1.8.7-2.fc41
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
[SECURITY] Fedora 42 Update: maturin-1.8.7-2.fc42
Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +43 more potentially affected by CVE-2025-58755 via monai (>=1.0.0 <=1.5.0)
monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =1.0.12, =0.0.5, =0.0.6 - emphysemaseg =0.1.0 and more Source cves: CVE-2025-58755 Source advisory: SNYK:PYTHON-MONAI-12670016...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58755 via monai (>=0.4.0 <=1.5.1)
monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58755 Source advisory: OSV:PYSEC-2025-140...
An Empirical Study of Vulnerabilities in Python Packages and Their Detection
In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern, highlighted by the considerable number of vulnerability...