Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

CVE
CVEadded 2026/04/17 5:25 p.m.6 views

CVE-2026-40320

Giskard (giskard-checks) CVE-2026-40320 involves unsandboxed Jinja2 template rendering in the ConformityCheck rule processing. In versions prior to 1.0.2b1, ConformityCheck rendered the rule parameter using Jinja2’s default Template(), enabling runtime interpretation of template expressions. If c...

7.8CVSS6.2AI score0.00036EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/17 5:25 p.m.0 views

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...

5.4CVSS6.2AI score0.00036EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/17 5:16 p.m.2 views

CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

1CVSS5.8AI score0.00008EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/04/17 5:16 p.m.28 views

CVE-2026-40319 Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

1CVSS0.00008EPSS
Exploits0References2
CVE
CVEadded 2026/04/17 5:16 p.m.3 views

CVE-2026-40319

CVE-2026-40319 affects Giskard’s giskard-checks RegexMatching, where a user-supplied regex pattern is passed to Python's re.search() without a timeout or complexity guard in versions prior to 1.0.2b1. This can cause catastrophic backtracking (ReDoS) and potentially hang the process. Exploitation ...

5.5CVSS5.8AI score0.00008EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/01 5:3 p.m.2 views

CVE-2026-34172

Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chatmessage passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input to this method enabl...

8.8CVSS6.3AI score0.0039EPSS
Exploits1References1
Rows per page
Query Builder