root/pypi: links for vulnerable