admet-workbench (>=0.1.0 <=0.1.1), agent-gpt-aws (>=0.4.4 <=0.9.5) +83 more potentially affected by unknown CVE via sagemaker (>=1.52.1 <=3.10.1)

sagemaker PYPI version =1.52.1, =0.1.0, =0.4.4, =1.0.29, =1.3.24, =0.1.1b20230324, =0.0.2, =0.4.6, =0.1.13, =5.118.1, =0.1.0, =5.11.0, =5.11.0a0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5R2P-PJR8-7FH7...

Insertion of Sensitive Information Into Sent Data

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the storage of HMAC keys and disclosure through the DescribeTrainingJob API. An attacker ca...

amzn-nova-customization-sdk (>=1.0.29 <=1.0.72), anymodality (=0.1.0) +27 more potentially affected by CVE-2026-1777 via sagemaker (>=1.52.1 <=2.254.1)

sagemaker PYPI version =1.52.1, =1.0.29, =0.1.1b20230324, =0.4.6, =0.1.0, =0.1.1, =0.9.0, =0.2.8, =1.97.0.dev0, =2.0.0, =1.0.0, =1.0.0, =0.4.0, =0.7.3, =1.0.1 and more Source cves: CVE-2026-1777 Source advisory: OSV:GHSA-RJRP-M2JW-PV9C...

admet-workbench (>=0.1.0 <=0.1.1), agent-gpt-aws (>=0.4.4 <=0.9.5) +49 more potentially affected by CVE-2026-1778 via sagemaker (=3.10.1)

sagemaker PYPI version =3.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on sagemaker and may be impacted: - admet-workbench =0.1.0, =0.4.4, =1.3.24, =0.0.2, =0.1.13, =0.1.0, =0.4.0, =1.0.1, =0.4.0, =0.1.12, =0.1.0, =0.2.7 and more Source cves:...

admet-workbench (>=0.1.0 <=0.1.1), agent-gpt-aws (>=0.4.4 <=0.9.5) +49 more potentially affected by CVE-2026-1778 via sagemaker (=3.10.1)

sagemaker PYPI version =3.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on sagemaker and may be impacted: - admet-workbench =0.1.0, =0.4.4, =1.3.24, =0.0.2, =0.1.13, =0.1.0, =0.4.0, =1.0.1, =0.4.0, =0.1.12, =0.1.0, =0.2.7 and more Source cves:...

MD5 Hash Collisions

sagemaker is vulnerable to MD5 Hash Collisions. The vulnerability is due to weak hashing in workflow identification due to the reuse of results from different configurations that produce the same MD5 hash, potentially leading to unintended workflow replacements and integrity issues...

Expected Behavior Violation

Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Expected Behavior Violation via to the utilities.py component. An attacker can cause integrity problems within the pipeline, potentially leading ...

anymodality (=0.1.0), autogluon-cloud (>=0.1.1b20230324 <=0.2.1b20230929) +22 more potentially affected by CVE-2025-0508 via sagemaker (>=2.0.0 <=2.236.0)

sagemaker PYPI version =2.0.0, =0.1.1b20230324, =0.4.6, =0.1.0, =0.1.1, =0.9.0, =1.0.0, =1.97.0.dev0, =2.0.0, =1.0.0, =1.0.0, =0.7.3, =0.1.2, =0.0.9, =0.0.10 and more Source cves: CVE-2025-0508 Source advisory: SNYK:PYTHON-SAGEMAKER-9510926...

anymodality (=0.1.0), autogluon-cloud (>=0.1.1b20230324 <=0.2.1b20230929) +23 more potentially affected by CVE-2025-0508 via sagemaker (>=1.52.1 <=2.236.0)

sagemaker PYPI version =1.52.1, =0.1.1b20230324, =0.4.6, =0.1.0, =0.1.1, =0.9.0, =0.2.8, =1.97.0.dev0, =2.0.0, =1.0.0, =1.0.0, =0.7.3, =0.1.2, =0.4.6 - hydro-integrations =2.3.0.dev0 and more Source cves: CVE-2025-0508 Source advisory: OSV:GHSA-32G6-MG92-GHM2...