On 2017-10-02 the maintainers of PyPI were informed of a vulnerability which would have allowed any authenticated user to delete any release file hosted on the Package Index by constructing the appropriate request.
The report was acknowledged, vulnerability was confirmed, and shortly thereafter a fix was created and deployed to PyPI.
In order to ensure that the vulnerability had not been exploited, an audit of PyPI's journals was performed. The outcome of this audit showed that no package release files had been maliciously removed.
For more details see: https://python-security.readthedocs.io/pypi-vuln/index-2017-10-12-unchecked…