A recent security audit of PyPI by Trail of Bits uncovered 14 vulnerabilities, including high-severity access control flaws that allowed unauthorized role escalation and persistent stale permissions across project transfers. Additionally, a JWT replay vulnerability in the OIDC trusted publishing flow and an unpatched metadata validation gap highlight ongoing supply chain risks for Python package consumers.