Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
PYSEC-2026-3060
  • PyPI/sagemaker
Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler 6 days ago
  • Fix available
  • Severity - 6.4 (Medium)
PYSEC-2026-3059
  • PyPI/sagemaker
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path 6 days ago
  • Fix available
  • Severity - 8.5 (High)
PYSEC-2026-1888
  • PyPI/sagemaker
SageMaker Python SDK has Exposed HMAC 07 Jul
  • Fix available
  • Severity - 8.7 (High)
PYSEC-2026-1886
  • PyPI/sagemaker
SageMaker Python SDK has Insecure TLS Configuration 07 Jul
  • Fix available
  • Severity - 8.7 (High)
PYSEC-2026-1885
  • PyPI/sagemaker
SageMaker Workflow component allows possibility of MD5 hash collisions 07 Jul
  • Fix available
  • Severity - 5.9 (Medium)
PYSEC-2026-1887
  • PyPI/sagemaker
sagemaker-python-sdk Command Injection vulnerability 07 Jul
  • Fix available
  • Severity - 7.8 (High)
PYSEC-2026-1889
  • PyPI/sagemaker
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data 07 Jul
  • Fix available
  • Severity - 7.8 (High)
GHSA-rq6v-x3j8-7qgf
  • PyPI/sagemaker
Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler 21 May
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-7hh5-prp2-mfh5
  • PyPI/sagemaker
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path 21 May
  • Fix available
  • Severity - 8.5 (High)
GHSA-5r2p-pjr8-7fh7
  • PyPI/sagemaker
SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality 05 Mar
  • Fix available
  • Severity - 8.4 (High)
GHSA-rjrp-m2jw-pv9c
  • PyPI/sagemaker
SageMaker Python SDK has Exposed HMAC 02 Feb
  • Fix available
  • Severity - 8.7 (High)
GHSA-62rc-f4v9-h543
  • PyPI/sagemaker
SageMaker Python SDK has Insecure TLS Configuration 02 Feb
  • Fix available
  • Severity - 8.7 (High)
MAL-2025-191680
  • PyPI/amzn-sagemaker-studio
Malicious code in amzn-sagemaker-studio (PyPI) 07 Sep 2025
  • No fix available
GHSA-32g6-mg92-ghm2
  • PyPI/sagemaker
SageMaker Workflow component allows possibility of MD5 hash collisions 20 Mar 2025
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-635v-pc42-fr74
  • PyPI/sagemaker-training
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token 11 Sep 2024
  • Fix available
  • Severity - 5.6 (Medium)
GHSA-7pc3-pr3q-58vg
  • PyPI/sagemaker
sagemaker-python-sdk Command Injection vulnerability 03 May 2024
  • Fix available
  • Severity - 7.8 (High)