PyPI completed its second external security audit by Trail of Bits, uncovering 14 findings including two high-severity access control flaws. The first allowed any organization member to invite users with Owner-level roles due to a missing write permission check on a POST handler. The second caused stale team permissions to persist after project transfers, potentially allowing former organization members to push malicious package releases. Both have been fixed. A medium-severity OIDC JWT replay vulnerability — where a 25-second window existed between Redis key expiration and JWT leeway — was also patched. One open finding remains: wheel metadata embedded in packages is never validated against form-submitted metadata, meaning pip could silently install undeclared dependencies that security tools like pip-audit would miss. Access control inconsistencies were the dominant pattern across 8 of 14 findings.
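The open wheel-metadata finding, sketched as an added example (not PyPI's or Trail of Bits' code): a check that reads `Requires-Dist` from the wheel's embedded METADATA file and reports entries missing from the form-submitted list. The function names, the sample package and the case/whitespace normalization are assumptions made for illustration.

```python
import io
import zipfile
from email.parser import HeaderParser


def embedded_requires(wheel_bytes):
    """Return Requires-Dist entries from the wheel's own .dist-info/METADATA."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        names = [n for n in zf.namelist()
                 if n.count("/") == 1 and n.endswith(".dist-info/METADATA")]
        if len(names) != 1:
            raise ValueError(f"expected exactly one METADATA file, found {len(names)}")
        text = zf.read(names[0]).decode("utf-8")
    # Core metadata uses RFC 822 style headers, so the email parser reads it.
    return HeaderParser().parsestr(text).get_all("Requires-Dist") or []


def normalize(req):
    # Assumption: a simplified comparison (lowercase, whitespace removed).
    # A production check would parse and canonicalize each requirement.
    return "".join(req.lower().split())


def undeclared_dependencies(wheel_bytes, form_requires):
    """Requirements present in the wheel but absent from the upload form."""
    declared = {normalize(r) for r in form_requires}
    return sorted(r for r in embedded_requires(wheel_bytes)
                  if normalize(r) not in declared)


def build_sample_wheel(requires):
    """Constructed sample: a minimal in-memory, wheel-shaped zip archive."""
    lines = ["Metadata-Version: 2.1", "Name: demo-pkg", "Version: 1.0"]
    lines += [f"Requires-Dist: {r}" for r in requires]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo_pkg/__init__.py", "")
        zf.writestr("demo_pkg-1.0.dist-info/METADATA", "\n".join(lines) + "\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed upload: the form declares one dependency, the wheel carries two.
    wheel = build_sample_wheel(["requests>=2.0", "hidden-helper==0.1"])
    print(undeclared_dependencies(wheel, ["requests >=2.0"]))
```

A non-empty result means the installer would resolve dependencies that tooling reading only the form-submitted metadata never sees.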

8m read time. From socket.dev