PYSEC-2026-337

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/farm-haystack/PYSEC-2026-337.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-337
Aliases
Published
2026-06-29T11:50:42.494130Z
Modified
2026-07-01T20:22:52.801600Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Details

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1.

References

Affected packages

PyPI / farm-haystack

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.15.0

Affected versions

0.*
0.1.0.post2
0.2.0.post1
0.2.1
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.8.0
0.9.0
0.10.0
1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.8.0
1.9.0rc1
1.9.0rc2
1.9.0rc3
1.9.0
1.9.1rc1
1.9.1
1.10.0rc1
1.10.0
1.11.0rc0
1.11.0
1.11.1rc1
1.11.1
1.12.0rc1
1.12.0rc2
1.12.0
1.12.1
1.12.2rc1
1.12.2
1.13.0rc1
1.13.0rc2
1.13.0
1.13.1rc1
1.13.1
1.13.2rc0
1.13.2
1.14.0rc1
1.14.0rc2
1.14.0
1.15.0rc1
1.15.0rc2
1.15.0rc3
1.15.0rc4
1.15.0rc5
1.15.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/farm-haystack/PYSEC-2026-337.yaml"