PYSEC-2026-1909

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/sentencepiece/PYSEC-2026-1909.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1909
Aliases
Published
2026-07-07T16:03:20.003357Z
Modified
2026-07-07T17:47:52.959634858Z
Severity
  • 8.5 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Sentencepiece has a a heap overflow issue
Details

Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.

References

Affected packages

PyPI / sentencepiece

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.1

Affected versions

0.*
0.0.0
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.0.7
0.0.9
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.81
0.1.82
0.1.83
0.1.85
0.1.86
0.1.90
0.1.91
0.1.92
0.1.94
0.1.95
0.1.96
0.1.97
0.1.98
0.1.99
0.2.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/sentencepiece/PYSEC-2026-1909.yaml"