Lucene search

5 matches found

RedhatCVE
added 2026/04/20 7:23 p.m., 3 views

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...

CVSS 7.8, AI score 6.2, EPSS 0.00036
Exploits: 0, References: 1

NVD
added 2026/04/17 6:16 p.m., 2 views

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...

CVSS 7.8, EPSS 0.00036
Exploits: 0, References: 2

NVD
added 2026/04/17 6:16 p.m., 1 view

CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

CVSS 5.5, EPSS 0.00008
Exploits: 0, References: 2

CVE
added 2026/04/17 5:16 p.m., 2 views

CVE-2026-40319

CVE-2026-40319 affects Giskard’s giskard-checks RegexMatching, where a user-supplied regex pattern is passed to Python's re.search() without a timeout or complexity guard in versions prior to 1.0.2b1. This can cause catastrophic backtracking (ReDoS) and potentially hang the process. Exploitation ...

CVSS 5.5, AI score 5.8, EPSS 0.00008
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-3295

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.3, EPSS 0.01994
Exploits: 0, References: 4