Lucene search
K

174 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-253 AgentScope Deserialization Vulnerability

A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution RCE via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.createagent method, where serialized input is deserialized using...

9.8CVSS8.1AI score0.01631EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-255 AgentScope path traversal vulnerability in save-workflow

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

9.1CVSS7.5AI score0.0091EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-254 AgentScope path traversal vulnerability

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

9.1CVSS7.4AI score0.00953EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6605

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function getbytesfromweburl of the file src/agentscope/utils/common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate the...

7.5CVSS6.6AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6603

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6604

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.10 views

CVE-2026-6606

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.21 views

1byte-react-design (>=1.7.1 <=1.14.0), 1g6table (=0.1.0) +1601 more potentially affected by unknown CVE via @antv/event-emitter (=0.1.3)

@antv/event-emitter NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/event-emitter and may be impacted: - 1byte-react-design =1.7.1, =1.1.0, =1.0.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.0.9, =0.1.2, =1.1.43, =0.9.1, =5.0.48,...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

@agentscope-ai/chat (>=1.1.43 <=1.1.68-beta.1780902884191), @ant-design/charts (>=2.2.2 <=2.6.7) +78 more potentially affected by unknown CVE via @antv/graphin (=3.0.5)

@antv/graphin NPM version =3.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/graphin and may be impacted: - @agentscope-ai/chat =1.1.43, =2.2.2, =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0-beta.0, =1.0.1, =1.0.0, =1.0.0,...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/20 6:31 a.m.8 views

adclaw (>=1.0.0 <=1.0.32), agentscope-runtime (=1.0.5.post1) +14 more potentially affected by CVE-2026-6606 via agentscope (>=0.1.0 <=1.0.18)

agentscope PYPI version =0.1.0, =1.0.0, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =1.1.0, =1.0.2, =0.1.7, =1.0.1, =1.0.0.4, =0.83.0, =0.99.32 and more Source cves: CVE-2026-6606 Source advisory: OSV:GHSA-CRX8-WPV6-JRJ2...

7.5CVSS7AI score0.00284EPSS
Exploits0
EUVD
EUVD
added 2026/04/20 6:31 a.m.4 views

EUVD-2026-23777

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

7.5CVSS5.4AI score0.00284EPSS
Exploits0References5
OSV
OSV
added 2026/04/20 6:31 a.m.5 views

GHSA-CRX8-WPV6-JRJ2 AgentScope vulnerable to Server-Side Request Forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

7.3CVSS6.7AI score0.00284EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/20 6:31 a.m.8 views

AgentScope vulnerable to Server-Side Request Forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function processaudioblock of the file src/agentscope/agent/agentbase.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

7.5CVSS7.1AI score0.00284EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/20 6:31 a.m.6 views

GHSA-659X-HM75-HPV7 AgentScope vulnerable to Server-Side Request Forgery

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

7.3CVSS6.7AI score0.00284EPSS
Exploits0References6
OSV
OSV
added 2026/04/20 6:31 a.m.4 views

GHSA-CR24-FV3H-8CJM AgentScope Vulnerable to Remote Code Injection

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

7.3CVSS5.5AI score0.00311EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/20 6:31 a.m.8 views

EUVD-2026-23770

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

7.5CVSS5.4AI score0.00311EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/04/20 6:31 a.m.9 views

adclaw (>=1.0.0 <=1.0.32), agentscope-runtime (=1.0.5.post1) +14 more potentially affected by CVE-2026-6603 via agentscope (>=0.1.0 <=1.0.18)

agentscope PYPI version =0.1.0, =1.0.0, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =1.1.0, =1.0.2, =0.1.7, =1.0.1, =1.0.0.4, =0.83.0, =0.99.32 and more Source cves: CVE-2026-6603 Source advisory: OSV:GHSA-CR24-FV3H-8CJM...

7.5CVSS7AI score0.00311EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/20 6:31 a.m.7 views

adclaw (>=1.0.0 <=1.0.32), agentscope-runtime (=1.0.5.post1) +14 more potentially affected by CVE-2026-6605 via agentscope (>=0.1.0 <=1.0.18)

agentscope PYPI version =0.1.0, =1.0.0, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =1.1.0, =1.0.2, =0.1.7, =1.0.1, =1.0.0.4, =0.83.0, =0.99.32 and more Source cves: CVE-2026-6605 Source advisory: OSV:GHSA-8GGF-R3VM-P3JC...

7.5CVSS7AI score0.00326EPSS
Exploits0
EUVD
EUVD
added 2026/04/20 6:31 a.m.5 views

EUVD-2026-23773

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

7.5CVSS5.4AI score0.00284EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/04/20 6:31 a.m.6 views

adclaw (>=1.0.0 <=1.0.32), agentscope-runtime (=1.0.5.post1) +14 more potentially affected by CVE-2026-6604 via agentscope (>=0.1.0 <=1.0.18)

agentscope PYPI version =0.1.0, =1.0.0, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =1.1.0, =1.0.2, =0.1.7, =1.0.1, =1.0.0.4, =0.83.0, =0.99.32 and more Source cves: CVE-2026-6604 Source advisory: OSV:GHSA-659X-HM75-HPV7...

7.5CVSS7AI score0.00284EPSS
Exploits0
Rows per page
Query Builder