Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-wg5p-8h9p-3mr7
  • PyPI/agent-coderag
agent-coderag: Gradle Wrapper Execution During Dependency Discovery Enables Arbitrary Code Execution 19 Jun
  • Fix available
  • Severity - 8.6 (High)
GHSA-4pqm-j46f-795x
  • PyPI/hermes-agent
Hermes Agent contains a DNS rebinding vulnerability in WebSocket endpoints that allows remote attackers to bypass Host and Origin validation 17 Jun
  • Fix available
  • Severity - 8.7 (High)
GHSA-99f9-j8r3-p853
  • PyPI/hermes-agent
Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644) 17 Jun
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-cv5c-mh6j-wvp9
  • PyPI/hermes-agent
hermes-agent has an Incorrect Comparison 26 May
  • Fix available
  • Severity - 1.9 (Low)
GHSA-wm96-9gfh-vvgq
  • PyPI/hermes-agent
hermes-agent has a sandbox issue 26 May
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-pgp4-xr4j-h5cg
  • PyPI/hermes-agent
hermes-agent has an Injection issue 26 May
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-238w-f66p-w349
  • PyPI/hermes-agent
hermes-agent has an Injection issue 26 May
  • Fix available
  • Severity - 5.5 (Medium)
MAL-2026-4183
  • PyPI/openclaw-agent
Malicious code in openclaw-agent (PyPI) 20 May
  • No fix available
GHSA-54w4-233h-x86g
  • PyPI/ironic-python-agent
OpenStack Ironic has an Incorrect Resource Transfer Between Spheres 05 May
  • Fix available
  • Severity - 7.7 (High)
GHSA-rmxr-45gj-889w
  • PyPI/ironic-python-agent
OpenStack Ironic Python Agent Includes Functionality from Untrusted Control Sphere 01 May
  • Fix available
  • Severity - 8.0 (High)
PYSEC-2026-205
  • PyPI/ironic-python-agent
See record for full details 01 May
  • Fix available
  • Severity - 7.5 (High)
MAL-2026-3130
  • PyPI/genmedia-izumi-agent
Malicious code in genmedia-izumi-agent (PyPI) 28 Apr
  • No fix available
MAL-2026-2184
  • PyPI/auth0-ai-ms-agent
Malicious code in auth0-ai-ms-agent (PyPI) 25 Mar
  • No fix available
GHSA-4gc2-344q-r2rw
  • PyPI/ms-agent
MS-Agent vulnerable to Command Injection 02 Mar
  • No fix available
  • Severity - 6.5 (Medium)
MAL-2025-41766
  • PyPI/spoof-user-agent
Malicious code in spoof-user-agent (PyPI) 28 Aug 2025
  • No fix available
MAL-2025-41638
  • PyPI/change-user-agent
Malicious code in change-user-agent (PyPI) 28 Aug 2025
  • No fix available