
Supply Chain Flaws Found in Python Package Repository

Administrators overseeing the Python Package Index (PyPI) in recent days found themselves responding to vulnerabilities in the open source software repository, the latest security problems to hit the Python community.

Most recently, the PyPI group sent out fixes for three vulnerabilities that were discovered by security researcher RyotaK and published on his blog. Two of the vulnerabilities could be used by bad actors to delete documentation or roles within the software package. The third flaw was found in a GitHub Actions workflow within the PyPI repository that, if exploited, could allow a hacker to gain write permission to the repository and launch malicious code on pypi.org.