PySpector 安全漏洞

PySpector is a high-performance Python static security analysis framework based on graphs, developed by Tommaso Bona. Versions of PySpector 0.1.6 and earlier contain security vulnerabilities. These vulnerabilities stem from a security verification bypass in the plugin system, which may lead to th...

Cross-site Scripting (XSS)

Overview pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the HTML report generation. An attacker can execute arbitrary JavaScript code in the victim's browser by...

GHSA-2GMV-2R3V-JXJ2 Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

Summary PySpector versions = 0.1.6 are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads i.e. inside a string passed to eval , the flagged code snippet is interpolated into the HTML report...

PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution

Summary PySpector versions = 0.1.6 are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis to block dangerous API calls before a plugin is trusted and executed. However, the internal resolvename helper onl...

GHSA-V3XV-8VC3-H2M6 PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution

Summary PySpector versions = 0.1.6 are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py, performs static AST analysis to block dangerous API calls before a plugin is trusted and executed. However, the internal resolvename helper onl...

Incomplete List of Disallowed Inputs

Overview pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the validateplugincode function. An attacker can execute arbitrary system commands by...

PT-2026-26196

Name of the Vulnerable Software and Affected Versions PySpector versions 0.1.6 and prior Description PySpector, a static analysis security testing framework for Python development, is affected by a security validation bypass in its plugin system. The validate plugin code function in plugin...

PT-2026-26197

Summary PySpector versions = 0.1.6 are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads i.e. inside a string passed to eval , the flagged code snippet is interpolated into the HTML report...