What is the official website of PyPI ?

The official website of PyPI is https://pypi.org.

What is PyPI's cybersecurity risk score?

PyPI has an AI-generated cybersecurity risk score of 718 out of 1000, indicating a Moderate security posture according to Rankiteo's assessment.

How many security incidents has PyPI experienced?

According to Rankiteo, PyPI currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has PyPI been affected by any supply chain cyber incidents ?

According to Rankiteo, PyPI has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: npm, Inc. (Incident ID: NPMPYPSOC1780388789) PyPI (Incident ID: PYPNPM1778070456) PyPI (Incident ID: PYPGIT1PA1778761827) Microsoft Security (Incident ID: AMAORAMIC1770695748)

Does PyPI have SOC 2 Type 1 certification ?

According to Rankiteo, PyPI is not certified under SOC 2 Type 1.

Does PyPI have SOC 2 Type 2 certification ?

According to Rankiteo, PyPI does not hold a SOC 2 Type 2 certification.

Does PyPI comply with GDPR ?

According to Rankiteo, PyPI is not listed as GDPR compliant.

Does PyPI have PCI DSS certification ?

According to Rankiteo, PyPI does not currently maintain PCI DSS compliance.

Does PyPI comply with HIPAA ?

According to Rankiteo, PyPI is not compliant with HIPAA regulations.

Does PyPI have ISO 27001 certification ?

According to Rankiteo,PyPI is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does PyPI operate in ?

PyPI operates primarily in the Software Development industry.

How many employees does PyPI have ?

PyPI employs approximately 4 people worldwide.

Does PyPI own any subsidiaries ?

PyPI presently has no subsidiaries across any sectors.

How many LinkedIn followers does PyPI have ?

PyPI's official LinkedIn profile has approximately followers.

What is the NAICS classification code for PyPI ?

PyPI is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does PyPI have a Crunchbase profile ?

No, PyPI does not have a profile on Crunchbase.

Does PyPI have a LinkedIn profile ?

Yes, PyPI maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/pypi.

How many cybersecurity incidents has PyPI experienced ?

As of June 9, 2026, Rankiteo reports that PyPI has experienced 5 cybersecurity incidents.

How many peer or competitor companies does PyPI have ?

PyPI has an estimated 30,044 peer or competitor companies worldwide.

What types of cybersecurity incidents has PyPI faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

PyPI

Boost Score +25 with badge (5 left)

718

/1000

Moderate

743

/1000

Moderate

PyPI Vendor Cyber Rating & Cyber Score

pypi.org

Add Your Compliance Badge

The Python Package Index (PyPI) is a repository of software for the Python programming language

PyPI A.I CyberSecurity Scoring

Scoring History

PyPI

PyPI CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

PyPI

Cyber Attack

100

6/2026

npm, Inc.

NPMPYPSOC178038...

PyPI

Cyber Attack

100

5/2026

PyPI

PYPNPM177807045...

PyPI

Cyber Attack

100

5/2026

PyPI

PYPGIT1PA177876...

PyPI

Cyber Attack

4/2026

PYP1776918478

PyPI

Cyber Attack

100

12/2025

Microsoft Secur...

AMAORAMIC177069...

Loading…

A.I.

PyPI Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for PyPI

Incidents vs Software Development Industry Avg (This Year)

PyPI has 266.97% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

PyPI has 270.37% more incidents than the average of all companies with at least one recorded incident.

Incident Types PyPI vs Software Development Industry Avg (This Year)

PyPI reported 4 incidents this year: 4 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History - PyPI (X = Date, Y = Severity)

Loading…

SUBSIDIARY

PyPI Subsidiaries

Parent Company

PyPI

Software Development

Website: https://pypi.org

Company Size: 11-50 employees

No subsidiary data available for this company.

Loading…

PyPI Similar Companies

Google

cb goo.gle

A problem isn't truly solved until it's solved for all. Googlers build products that help create opportunities for everyone, whether down the street or across the globe. Bring your insight, imagination and a healthy disregard for the impossible. Bring everything that makes you unique. Together, we can build for everyone. Check out our career opportunities at goo.gle/3DLEokh

Juniper Networks

juniper.net

Juniper Networks is leading the revolution in networking, making it one of the most exciting technology companies in Silicon Valley today. Since being founded by Pradeep Sindhu, Dennis Ferguson, and Bjorn Liencres nearly 20 years ago, Juniper’s sole mission has been to create innovative products and solutions that meet the growing demands of the connected world. Juniper Networks is headquartered in Sunnyvale, California, with over 9,000 employees in 50 countries and nearly $5 billion in revenue. Our customers include the top 100 global service providers and 30,000 enterprises, including the Global Fortune 100 as well as hundreds of federal, state and local government agencies and higher educational organizations. At Juniper Networks, we believe the network is the single greatest vehicle for knowledge, understanding, and human advancement that the world has ever known. Now more than ever, the world needs network innovation to connect ideas and unleash our full potential. Juniper is taking a new approach to the network — one that is intelligent, agile, secure and open to any vendor and any network environment. To learn more about Juniper, our products, and our vision for the decade ahead, visit our site at https://www.juniper.net. Acquired by Hewlett Packard Enterprise in 2025.

Bolt

cb bolt.eu

At Bolt, we're building a future where people don’t need to own personal cars to move around safely and conveniently. A future where people have the freedom to use transport on demand, choosing whatever vehicle's best for each occasion — be it a car, scooter, or e-bike. We're helping over 200 million customers move around in more than 600 cities globally while also supporting more than 4.5 million drivers and couriers to earn a living. The best bit? We're only just getting started. Read more at bolt.eu

Cadence

cadence.com

Cadence is a market leader in AI and digital twins, pioneering the application of computational software to accelerate innovation in the engineering design of silicon to systems. Our design solutions, based on Cadence’s Intelligent System Design™ strategy, are essential for the world’s leading semiconductor and systems companies to build their next-generation products from chips to full electromechanical systems that serve a wide range of markets, including hyperscale computing, mobile communications, automotive, aerospace, industrial, life sciences and robotics. In 2024, Cadence was recognized by the Wall Street Journal as one of the world’s top 100 best-managed companies. Cadence solutions offer limitless opportunities—learn more at www.cadence.com.

Instacart

cb instacart.com

Instacart, the leading grocery technology company in North America, works with grocers and retailers to transform how people shop. The company partners with more than 1,500 national, regional, and local retail banners to facilitate online shopping, delivery and pickup services from more than 85,000 stores across North America on the Instacart Marketplace. Instacart makes it possible for millions of people to get the groceries they need from the retailers they love, and for approximately 600,000 Instacart shoppers to earn by picking, packing and delivering orders on their own flexible schedule. The Instacart Platform offers retailers a suite of enterprise-grade technology products and services to power their e-commerce experiences, fulfill orders, digitize brick-and-mortar stores, provide advertising services, and glean insights. With Instacart Ads, thousands of CPG brands – from category leaders to emerging brands – partner with the company to connect directly with consumers online, right at the point of purchase. With Instacart Health, the company is providing tools to increase nutrition security, make healthy choices easier for consumers, and expand the role that food can play in improving health outcomes. For more information, visit www.instacart.com/company.

Facebook

meta.com

The Facebook company is now Meta. Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. We want to give people the power to build community and bring the world closer together. To do that, we ask that you help create a safe and respectful online space. These community values encourage constructive conversations on this page: • Start with an open mind. Whether you agree or disagree, engage with empathy. • Comments violating our Community Standards will be removed or hidden. So please treat everybody with respect. • Keep it constructive. Use your interactions here to learn about and grow your understanding of others. • Our moderators are here to uphold these guidelines for the benefit of everyone, every day. • If you are seeking support for issues related to your Facebook account, please reference our Help Center (https://www.facebook.com/help) or Help Community (https://www.facebook.com/help/community). For a full listing of our jobs, visit http://www.facebookcareers.com

JD.COM

cb jd.com

JD.com, also known as JINGDONG, is a leading e-commerce company transferring to be a technology and service enterprise with supply chain at its core. JD.com’s business has expanded across retail, technology, logistics, health, property development, industrials, and international business. Ranking 44 on the Fortune Global 500, JD.com is China’s largest retailer by revenue. JD.com serves over 600 million customers and has set the standard for e-commerce through its commitment to quality, authenticity, and competitive pricing. The company operates the largest fulfillment infrastructure of any e-commerce company in China, enabling 90% of retail orders to be delivered within the same or next day. JD.com also promotes productivity and innovation across a range of industries by offering its cutting-edge technology and infrastructure to partners, brands, and diverse sectors.

Daraz

cb daraz.com

Founded in 2015, Daraz is the leading e-commerce platform in South Asia with operations in Pakistan, Bangladesh, Sri Lanka, Nepal, and Myanmar. It provides sellers and consumers with cutting-edge marketplace technology, targeting a rapidly growing region of over 500 million people. By building an integrated infrastructure covering e-commerce, logistics, payment and financial services, the company aims to deliver an immersive, personalized shopping experience and uplift South Asian communities through the power of commerce. Daraz has consistently invested in building an e-commerce ecosystem in South Asia through advancements in technology, logistics and digital payments. As digital penetration and consumer awareness have surged, the region is now ready for a transformative leap. Leveraging new-age advancements such as AI, Daraz is poised to further enhance the platform’s efficiency to enable a seamless experience for its consumers and sellers. Visit https://www.daraz.com/ to learn more.

Loading…

NEWS

PyPI CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 12, 2026 08:00 AM

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked...

Read Article

February 12, 2026 08:00 AM

Lazarus Group's 'Graphalgo' Fake Recruiter Campaign Targets GitHub, npm, and PyPI to Spread Malware

Lazarus Group's latest software supply chain operation is using fake recruiter lures and popular open‑source ecosystems to deliver malware.

Read Article

February 10, 2026 03:51 PM

Threat Actors Publish Malicious dYdX Packages to npm and PyPI Repositories

Cybersecurity firm Socket uncovered a supply chain attack where threat actors published malicious versions of dYdX client packages to npm and PyPI...

Read Article

February 06, 2026 08:00 AM

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI)...

Read Article

January 29, 2026 08:00 AM

Malicious Python packages deliver RAT via PyPI | brief | SC Media

As detailed in The Hacker News, cybersecurity researchers from Aikido have identified two malicious packages within the Python Package Index...

Read Article

January 28, 2026 08:00 AM

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as...

Read Article

January 22, 2026 08:00 AM

Malicious PyPI Package Mimic as Popular Sympy-Dev to Attack Millions of Users

Fake PyPI package sympy-dev impersonates SymPy to slip cryptomining malware into developer systems and CI pipelines.

Read Article

January 22, 2026 08:00 AM

Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users

A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating...

Read Article

November 28, 2025 08:00 AM

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain...

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-44541

SUMMARY

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.

Published

Date2026-06-08

Updated

Date2026-06-08

RISK INFORMATION (Score: )

cvss4

Base Score: 7.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-49141

SUMMARY

WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by supplying an arbitrary caller-controlled contact_id in the POST request body without tenant ownership verification. Attackers can exploit the service-role client that bypasses row-level security to modify victim contact fields including name, email, and company across tenant boundaries using only a known contact UUID.

Published

Date2026-06-08

Updated

Date2026-06-08

RISK INFORMATION (Score: 7.1)

cvss3

Base Score: 7.1

Complexity: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N

cvss4

Base Score: 5.1

Complexity: HIGH

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

4.7

Exploitability

1.8

REFERENCES

CVE-2026-47345

SUMMARY

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

Published

Date2026-06-08

Updated

Date2026-06-08

RISK INFORMATION (Score: )

cvss4

Base Score: 5.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-47344

SUMMARY

When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

Published

Date2026-06-08

Updated

Date2026-06-08

RISK INFORMATION (Score: )

cvss4

Base Score: 2.1

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-46484

SUMMARY

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3.

Published

Date2026-06-08

Updated

Date2026-06-08

RISK INFORMATION (Score: 8.1)

cvss3

Base Score: 8.1

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Impact Score

5.2

Exploitability

2.8

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…