Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-2977
  • PyPI/pydantic-ai
pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678) 3 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2026-2981
  • PyPI/pydantic-ai-slim
pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678) 3 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2026-2982
  • PyPI/pydantic-ai-slim
Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580) 3 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2026-2978
  • PyPI/pydantic-ai
Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580) 3 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
PYSEC-2026-2983
  • PyPI/pydantic-ai-slim
Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL 4 hours ago
  • Fix available
  • Severity - 7.1 (High)
PYSEC-2026-2979
  • PyPI/pydantic-ai
Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL 4 hours ago
  • Fix available
  • Severity - 7.1 (High)
PYSEC-2026-2980
  • PyPI/pydantic-ai-slim
Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling 4 hours ago
  • Fix available
  • Severity - 8.6 (High)
PYSEC-2026-2976
  • PyPI/pydantic-ai
Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling 4 hours ago
  • Fix available
  • Severity - 8.6 (High)
PYSEC-2026-1812
  • PyPI/pydantic
Pydantic regular expression denial of service 6 days ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-cg7w-rg45-pc59
  • PyPI/pydantic-ai
  • PyPI/pydantic-ai-slim
pydantic-ai: SSRF blocklist bypass via IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses (incomplete fix of CVE-2026-46678) 26 Jun
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-4xgf-cpjx-pc3j
  • PyPI/pydantic-settings
pydantic-settings: NestedSecretsSettingsSource follows symlinks outside secrets_dir, enabling local file read and bypassing secrets_dir_max_size 19 Jun
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-cqp8-fcvh-x7r3
  • PyPI/pydantic-ai
  • PyPI/pydantic-ai-slim
Pydantic AI: SSRF cloud-metadata blocklist bypass via IPv4-mapped IPv6 (Incomplete fix of CVE-2026-25580) 21 May
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-wjp5-868j-wqv7
  • PyPI/pydantic-ai
  • PyPI/pydantic-ai-slim
Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL 06 Feb
  • Fix available
  • Severity - 7.1 (High)
GHSA-2jrp-274c-jhv3
  • PyPI/pydantic-ai
  • PyPI/pydantic-ai-slim
Pydantic AI has Server-Side Request Forgery (SSRF) in URL Download Handling 06 Feb
  • Fix available
  • Severity - 8.6 (High)
MAL-2025-2989
  • PyPI/pydantic-kit
Malicious code in pydantic-kit (PyPI) 28 Mar 2025
  • No fix available
GHSA-mr82-8j83-vxmv
  • PyPI/pydantic
Pydantic regular expression denial of service 15 Apr 2024
  • Fix available
  • Severity - 5.9 (Medium)