19 matches found
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +130 more potentially affected by unknown CVE via monai (>=1.0.0 <=1.5.2)
monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =11.1.0, =0.9.0, =1.0.0, =1.1.0, =0.1.0, =0.0.1, =0.1.0, =2.0.1, =2.2.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MONAI-15928871...
Path Traversal
MONAI is vulnerable to a Path Traversal. The vulnerability is due to the use of zipfile.ZipFile.extractall() without proper path validation in the _download_from_ngc_private() function, which allows an attacker to craft a malicious ZIP archive that writes files outside the intended extraction directory a...
CVE-2026-21851
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's _download_from_ngc_private() function. The function uses zipfile.ZipFile.extractall() without path validation, while other similar...
MONAI Path Traversal Vulnerability
MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A path traversal vulnerability exists in MONAI 1.5.1 and earlier versions, which stems from the _download_from_ngc_private() function using zipfile.ZipFile.extractall() without path validation, which could lead to a path traversal attac...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +43 more potentially affected by CVE-2026-21851 via monai (>=1.0.0 <=1.5.1)
monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =1.0.12, =0.0.5, =0.0.6 - emphysemaseg =0.1.0 and more Source cves: CVE-2026-21851 Source advisory: SNYK:PYTHON-MONAI-14892724...
EUVD-2025-27191
Malicious code in bioql PyPI...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +43 more potentially affected by CVE-2025-58757 via monai (>=1.0.0 <=1.5.0)
monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =1.0.12, =0.0.5, =0.0.6 - emphysemaseg =0.1.0 and more Source cves: CVE-2025-58757 Source advisory: SNYK:PYTHON-MONAI-12670797...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +43 more potentially affected by CVE-2025-58756 via monai (>=1.0.0 <=1.5.0)
monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =1.0.12, =0.0.5, =0.0.6 - emphysemaseg =0.1.0 and more Source cves: CVE-2025-58756 Source advisory: SNYK:PYTHON-MONAI-12670800...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +43 more potentially affected by CVE-2025-58755 via monai (>=1.0.0 <=1.5.0)
monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =1.0.12, =0.0.5, =0.0.6 - emphysemaseg =0.1.0 and more Source cves: CVE-2025-58755 Source advisory: SNYK:PYTHON-MONAI-12670016...
GHSA-X6WW-PF9M-M73M MONAI does not prevent path traversal, potentially leading to arbitrary file writes
Summary: The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. When the Zip file containing malicious content is decompressed, it will overwrite the system files. In addition, the project allows the download of t...
MONAI does not prevent path traversal, potentially leading to arbitrary file writes
Summary: The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. When the Zip file containing malicious content is decompressed, it will overwrite the system files. In addition, the project allows the download of t...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58757 via monai (>=0.4.0 <=1.5.1)
monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58757 Source advisory: OSV:PYSEC-2025-142...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58756 via monai (>=0.4.0 <=1.5.1)
monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58756 Source advisory: OSV:PYSEC-2025-141...
PYSEC-2025-140
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58755 via monai (>=0.4.0 <=1.5.1)
monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58755 Source advisory: OSV:PYSEC-2025-140...
MONAI Security Vulnerability
MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A security vulnerability exists in MONAI 1.5.0 and earlier versions, which stems from mishandling of the pickle_operations function and could lead to a deserialization vulnerability and code execution...
MONAI Code Issue Vulnerability
MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A code issue vulnerability exists in MONAI 1.5.0 and prior versions that stems from an insecure loading method that could lead to a deserialization vulnerability and code execution...
CVE-2025-58755 MONAI has path traversal issue that may lead to arbitrary file writes
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
PT-2025-36531
Name of the Vulnerable Software and Affected Versions: MONAI versions prior to 1.5.1 Description: MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files throughout the project...