Analysis of 15,000+ top PyPI packages reveals that only 1.58% ship with SBOMs (238 packages), all in CycloneDX format, with zero SPDX adoption. The study, enabled by PyPI-TEA (a PEP 770 bridge to the Transparency Exchange API), identified 37 invalid SBOMs, all traceable to a single cargo-cyclonedx bug, and highlights the urgent need for improved SBOM adoption in the Python ecosystem.
sbom
software-supply-chain
python
pep-770
cyclonedx
spdx
pypi
transparency-exchange-api
supply-chain-security
dependency-management
vulnerability-disclosure
open-source
PyPI
PEP 770
CycloneDX
SPDX
TEA
Transparency Exchange API
PyPI-TEA
sbomify-action
sbomify
cargo-cyclonedx
Viktor Petersson
Seth Larson