
20 matches found

vulnersOsv
added 2026/04/20 6:31 a.m. | 4 views

adclaw (>=1.0.0 <=1.0.4), agentscope-runtime (=1.0.5.post1) +13 more potentially affected by CVE-2026-6606 via agentscope (>=0.1.0 <=1.0.18)

agentscope PYPI version =0.1.0, =1.0.0, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =1.1.0, =1.0.2, =0.1.7, =1.0.1, =1.0.0.4, =0.83.0, =0.83.0, =0.116.1 Source cves: CVE-2026-6606 Source advisory: OSV:GHSA-CRX8-WPV6-JRJ2...

CVSS 7.5 | AI score 7 | EPSS 0.00054
Exploits: 0
vulnersOsv
added 2026/04/20 6:14 a.m. | 0 views

adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2026-6606 via agentscope (>=0.1.0 <=1.0.7)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2026-6606 Source advisory: SNYK:PYTHON-AGENTSCOPE-16318346...

CVSS 7.5 | AI score 7 | EPSS 0.00054
Exploits: 0
vulnersOsv
added 2026/04/20 6:13 a.m. | 0 views

adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2026-6604 via agentscope (>=0.1.0 <=1.0.7)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2026-6604 Source advisory: SNYK:PYTHON-AGENTSCOPE-16318343...

CVSS 7.5 | AI score 7 | EPSS 0.00054
Exploits: 0
Snyk
added 2026/04/20 6:13 a.m. | 1 views

Arbitrary Code Injection

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Arbitrary Code Injection via the executeshellcommand function. An attacker can execute arbitrary code by supplying crafted input remotely. Remediation There is no...

CVSS 7.5 | AI score 7.9 | EPSS 0.00062
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 6:22 a.m. | 3 views

CVE-2024-48050

In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...

CVSS 9.8 | AI score 7.1 | EPSS 0.00188
Exploits: 1 | References: 1
Veracode
added 2025/03/27 8:50 a.m. | 3 views

Remote Code Execution (RCE)

agentscope is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of serialized input, which is deserialized using dill.loads without validation, allowing execution of arbitrary commands...

CVSS 9.8 | AI score 7.8 | EPSS 0.0074
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2025/03/27 5:23 a.m. | 11 views

Origin Validation Error

AgentScope is vulnerable to Origin Validation Error. The vulnerability is due to improper access control due to the server not properly restricting access to trusted origins, allowing any external domain to make API requests, leading to unauthorized data access and potential exploitation...

CVSS 9.8 | AI score 7 | EPSS 0.00258
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2025/03/27 2:44 a.m. | 4 views

Directory Traversal

agentscope is vulnerable to Directory Traversal. The vulnerability is due to improper validation of user-supplied file paths in the /read-examples endpoint, allowing attackers to traverse directories and access arbitrary JSON files...

CVSS 7.5 | AI score 7.1 | EPSS 0.00926
Exploits: 1 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/03/22 11:24 a.m. | 6 views

CVE-2024-8489

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery (CSRF) due to overly permissive CORS headers. This issue affects the latest commit on the main branch (21161fe). The vulnerability permits an attacker to access all...

CVSS 8.8 | AI score 7 | EPSS 0.00116
Exploits: 0 | References: 1
Snyk
added 2025/03/20 12:32 p.m. | 1 views

External Control of File Name or Path

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to External Control of File Name or Path through the /read-examples endpoint. An attacker can read any local JSON file, containing API keys by sending a crafted POST...

CVSS 8.7 | AI score 6.5 | EPSS 0.00926
Exploits: 1 | References: 2
vulnersOsv
added 2025/03/20 12:32 p.m. | 2 views

adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2024-8502 via agentscope (>=0.1.0 <=1.0.7)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2024-8502 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511410...

CVSS 9.8 | AI score 7.2 | EPSS 0.0074
Exploits: 0
vulnersOsv
added 2025/03/20 12:32 p.m. | 1 views

adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2024-8501 via agentscope (>=0.1.0 <=1.0.7)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2024-8501 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511413...

CVSS 8.8 | AI score 7 | EPSS 0.00517
Exploits: 1
vulnersOsv
added 2025/03/20 12:32 p.m. | 1 views

adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2024-8524 via agentscope (>=0.1.0 <=1.0.7)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2024-8524 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511411...

CVSS 7.5 | AI score 7 | EPSS 0.00926
Exploits: 1
vulnersOsv
added 2025/03/20 12:32 p.m. | 1 views

adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2024-8487 via agentscope (>=0.1.0 <=1.0.7)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2024-8487 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511372...

CVSS 9.8 | AI score 7 | EPSS 0.00258
Exploits: 1
vulnersOsv
added 2025/03/20 10:48 a.m. | 2 views

adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2024-8489 via agentscope (>=0.1.0 <=1.0.7)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2024-8489 Source advisory: SNYK:PYTHON-AGENTSCOPE-9599695...

CVSS 8.8 | AI score 7.2 | EPSS 0.00116
Exploits: 0
OSV
added 2025/03/20 10:15 a.m. | 1 views

CVE-2024-8524

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...

CVSS 7.5 | AI score 5.8 | EPSS 0.00926
Exploits: 1 | References: 1
PyPA
added 2025/03/20 10:15 a.m. | 5 views

PYSEC-2025-83

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...

CVSS 7.5 | AI score 7.2 | EPSS 0.00926
Exploits: 1 | References: 1 | Affected Software: 1
vulnersOsv
added 2025/03/20 10:15 a.m. | 4 views

tashan-scispark (>=1.0.1 <=1.0.8) potentially affected by CVE-2024-8487 via agentscope (=0.1.0)

agentscope PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on agentscope and may be impacted: - tashan-scispark =1.0.1, =1.0.8 Source cves: CVE-2024-8487 Source advisory: OSV:PYSEC-2025-81...

CVSS 9.8 | AI score 7 | EPSS 0.00258
Exploits: 1
Cvelist
added 2025/03/20 10:11 a.m. | 6 views

CVE-2024-8537 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

CVSS 9.1 | EPSS 0.00506
Exploits: 1 | References: 1
vulnersOsv
added 2024/11/05 12:31 a.m. | 3 views

adclaw (>=1.0.0 <=1.0.4), agentjet (=0.0.1) +24 more potentially affected by CVE-2024-48050 via agentscope (>=0.1.0 <=1.0.7)

agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.1.0.post1, =0.2.0, =0.4.0, =0.1.6, =0.1.84 and more Source cves: CVE-2024-48050 Source advisory: SNYK:PYTHON-AGENTSCOPE-8344260...

CVSS 9.8 | AI score 5.8 | EPSS 0.00188
Exploits: 1