CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

4 billion downloads a day run through @pypi.

1 Posts 1 Posters 0 Views

T This user is from outside of this forum
T This user is from outside of this forum
trailofbits@infosec.exchange

wrote last edited by

#1

4 billion downloads a day run through @pypi. A missing permission check let any org member invite new owners. One of 14 findings from our second audit.
https://blog.pypi.org/posts/2026-04-16-pypi-completes-second-audit/
1 Reply Last reply
1
0
M mttaggart@infosec.exchange shared this topic

Log in to reply