{"source":"ghsa-pip","note":"Free 5-item preview. The full feed is $0.05/call at GET /v1/ghsa-pip/changes.","question":"Which new GitHub security advisories affecting PyPI packages were published since T, and how severe are they?","sample":[{"source":"ghsa-pip","entityId":"ghsa:GHSA-q437-g7fv-2jvv","type":"advisory","title":"GHSA-q437-g7fv-2jvv / CVE-2026-55164: Lemur user-update path stores plaintext passwords","summary":"MEDIUM severity. Affected: lemur.","significance":5,"detectedAt":"2026-07-14T22:21:15.956Z","effectiveDate":"2026-06-25T22:02:12Z","sourceUrl":"https://github.com/advisories/GHSA-q437-g7fv-2jvv","detail":{"severity":"medium","cve":"CVE-2026-55164","packages":"lemur","cvss":4.9}},{"source":"ghsa-pip","entityId":"ghsa:GHSA-r9gp-7f88-9r54","type":"advisory","title":"GHSA-r9gp-7f88-9r54 / CVE-2026-55165: Lemur: JWT verifier honors attacker-supplied alg, enabling ATO","summary":"MEDIUM severity. Affected: lemur.","significance":5,"detectedAt":"2026-07-14T22:21:15.956Z","effectiveDate":"2026-06-25T22:05:17Z","sourceUrl":"https://github.com/advisories/GHSA-r9gp-7f88-9r54","detail":{"severity":"medium","cve":"CVE-2026-55165","packages":"lemur","cvss":4.8}},{"source":"ghsa-pip","entityId":"ghsa:GHSA-v2wp-frmc-5q3v","type":"advisory","title":"GHSA-v2wp-frmc-5q3v / CVE-2026-55166: Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise","summary":"CRITICAL severity. Affected: lemur.","significance":10,"detectedAt":"2026-07-14T22:21:15.956Z","effectiveDate":"2026-06-25T22:07:19Z","sourceUrl":"https://github.com/advisories/GHSA-v2wp-frmc-5q3v","detail":{"severity":"critical","cve":"CVE-2026-55166","packages":"lemur","cvss":9.9}},{"source":"ghsa-pip","entityId":"ghsa:GHSA-cg7w-rg45-pc59","type":"advisory","title":"GHSA-cg7w-rg45-pc59 / CVE-2026-48782: pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678)","summary":"MEDIUM severity. Affected: pydantic-ai-slim, pydantic-ai, pydantic-ai, pydantic-ai-slim.","significance":7,"detectedAt":"2026-07-14T22:21:15.956Z","effectiveDate":"2026-06-26T19:17:56Z","sourceUrl":"https://github.com/advisories/GHSA-cg7w-rg45-pc59","detail":{"severity":"medium","cve":"CVE-2026-48782","packages":"pydantic-ai-slim, pydantic-ai, pydantic-ai, pydantic-ai-slim","cvss":6.8}},{"source":"ghsa-pip","entityId":"ghsa:GHSA-72w7-mf9g-733p","type":"advisory","title":"GHSA-72w7-mf9g-733p: nono-py has proxy-only network fallback bypass on older Linux kernels","summary":"MEDIUM severity. Affected: nono-py.","significance":6,"detectedAt":"2026-07-14T22:21:15.956Z","effectiveDate":"2026-06-26T20:33:48Z","sourceUrl":"https://github.com/advisories/GHSA-72w7-mf9g-733p","detail":{"severity":"medium","cve":null,"packages":"nono-py","cvss":6.4}}]}