CVE-2021-47952 python jsonpickle 2.0.0 Remote Code Execution via py/repr

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

CVE-2026-31254

The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains a code injection vulnerability CWE-94 in its training script. The script registers the Python eval function as a Hydra configuration resolver under the name eval. This allows configuration files t...

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

EUVD-2026-29101

The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains a code injection vulnerability CWE-94 in its training script. The script registers the Python eval function as a Hydra configuration resolver under the name eval. This allows configuration files t...

CVE-2026-31254

The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains a code injection vulnerability CWE-94 in its training script. The script registers the Python eval function as a Hydra configuration resolver under the name eval. This allows configuration files t...

PT-2026-39639

The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 2025-13-04 contains a code injection vulnerability CWE-94 in its training script. The script registers the Python eval function as a Hydra configuration resolver under the name eval. This allows configuration files t...

FlashAttention 安全漏洞

FlashAttention is an efficient and memory-efficient attention mechanism implementation tool open-sourced by Dao AI Lab. There is a security vulnerability in FlashAttention; this vulnerability stems from the training script registering the Python eval function as a Hydra configuration parser, whic...

CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

CVE-2026-42079

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

PPTAgent 安全漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent 418491a contained security vulnerabilities. These vulnerabilities stemmed from issues with the Python eval function when executing code generated by LLM,...

EUVD-2021-0470

Malware in sbrugna...

EUVD-2025-6967

Malicious code in bioql PyPI...

EUVD-2024-40269

Malicious code in bioql PyPI...

vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder

Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. Details vLLM's Qwen3 Coder tool parser contains a code execution path that uses Python's eval...

CVE-2025-51472

Code Injection in AgentTemplate.evalagentconfig in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval without validati...

Exploit for Code Injection in Dgorissen Pycel

CVE-2024-53924 - Description: Pycel through 1.0b30, when oper...

Remote Code Execution (RCE)

pgAdmin4 is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe use of Python's eval function due to unsanitized input in the querycommitted and highavailability parameters on two POST endpoints...

pgAdmin Query Tool authenticated RCE (CVE-2025-2945)

This module exploits a vulnerability in pgAdmin where an authenticated user can establish a connection to the query tool and send a specific payload in the querycommited POST parameter. This payload is directly executed via a Python eval statement, resulting in remote code execution in versions...

pgAdmin 4 Vulnerable to Remote Code Execution

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...

GHSA-G73C-FW68-PWX3 pgAdmin 4 Vulnerable to Remote Code Execution

Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint, where the highavailability parameter is unsafe...