Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/upsonic@0.55.1
Type pypi
Namespace
Name upsonic
Version 0.55.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.72.0
Latest_non_vulnerable_version 0.72.0
Affected_by_vulnerabilities
0
url VCID-8gqe-stbh-r3dn
vulnerability_id VCID-8gqe-stbh-r3dn
summary A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6279
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33513
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6279
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/upsonic/PYSEC-2025-68.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/upsonic/PYSEC-2025-68.yaml
2
reference_url https://github.com/Upsonic/Upsonic
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Upsonic/Upsonic
3
reference_url https://github.com/Upsonic/Upsonic/commit/a54529acc6e4bfe28f4f5c80c058144348a306b7
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Upsonic/Upsonic/commit/a54529acc6e4bfe28f4f5c80c058144348a306b7
4
reference_url https://github.com/Upsonic/Upsonic/issues/353
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:16:25Z/
url https://github.com/Upsonic/Upsonic/issues/353
5
reference_url https://github.com/Upsonic/Upsonic/pull/360
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Upsonic/Upsonic/pull/360
6
reference_url https://github.com/Upsonic/Upsonic/pull/360#issuecomment-2979387098
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Upsonic/Upsonic/pull/360#issuecomment-2979387098
7
reference_url https://vuldb.com/?ctiid.313283
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:16:25Z/
url https://vuldb.com/?ctiid.313283
8
reference_url https://vuldb.com/?id.313283
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:16:25Z/
url https://vuldb.com/?id.313283
9
reference_url https://vuldb.com/?submit.593099
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:16:25Z/
url https://vuldb.com/?submit.593099
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6279
reference_id CVE-2025-6279
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6279
11
reference_url https://github.com/advisories/GHSA-rpfv-46xj-5984
reference_id GHSA-rpfv-46xj-5984
reference_type
scores
url https://github.com/advisories/GHSA-rpfv-46xj-5984
fixed_packages
0
url pkg:pypi/upsonic@0.56.0
purl pkg:pypi/upsonic@0.56.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jzvs-fw8h-vyfa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/upsonic@0.56.0
aliases CVE-2025-6279, GHSA-rpfv-46xj-5984, PYSEC-2025-68
risk_score 3.6
exploitability 0.5
weighted_severity 7.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8gqe-stbh-r3dn
1
url VCID-ht8t-upfy-17ah
vulnerability_id VCID-ht8t-upfy-17ah
summary A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-6278
reference_id
reference_type
scores
0
value 0.00631
scoring_system epss
scoring_elements 0.7073
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-6278
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/upsonic/PYSEC-2025-67.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/upsonic/PYSEC-2025-67.yaml
2
reference_url https://github.com/Upsonic/Upsonic
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Upsonic/Upsonic
3
reference_url https://github.com/Upsonic/Upsonic/blob/v0.55.6/src/upsonic/server/markdown/server/server.py#L39
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Upsonic/Upsonic/blob/v0.55.6/src/upsonic/server/markdown/server/server.py#L39
4
reference_url https://github.com/Upsonic/Upsonic/commit/a54529acc6e4bfe28f4f5c80c058144348a306b7
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Upsonic/Upsonic/commit/a54529acc6e4bfe28f4f5c80c058144348a306b7
5
reference_url https://github.com/Upsonic/Upsonic/issues/356
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:16:30Z/
url https://github.com/Upsonic/Upsonic/issues/356
6
reference_url https://github.com/Upsonic/Upsonic/pull/360
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/Upsonic/Upsonic/pull/360
7
reference_url https://vuldb.com/?ctiid.313282
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:16:30Z/
url https://vuldb.com/?ctiid.313282
8
reference_url https://vuldb.com/?id.313282
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:16:30Z/
url https://vuldb.com/?id.313282
9
reference_url https://vuldb.com/?submit.593096
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv2
scoring_elements AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
4
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
6
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
7
value LOW
scoring_system generic_textual
scoring_elements
8
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-23T16:16:30Z/
url https://vuldb.com/?submit.593096
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-6278
reference_id CVE-2025-6278
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-6278
11
reference_url https://github.com/advisories/GHSA-8jf4-fcjr-68c2
reference_id GHSA-8jf4-fcjr-68c2
reference_type
scores
url https://github.com/advisories/GHSA-8jf4-fcjr-68c2
fixed_packages
0
url pkg:pypi/upsonic@0.56.0
purl pkg:pypi/upsonic@0.56.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jzvs-fw8h-vyfa
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/upsonic@0.56.0
aliases CVE-2025-6278, GHSA-8jf4-fcjr-68c2, PYSEC-2025-67
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ht8t-upfy-17ah
2
url VCID-jzvs-fw8h-vyfa
vulnerability_id VCID-jzvs-fw8h-vyfa
summary
Upsonic: remote code execution vulnerability in its MCP server/task creation functionality
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable execution of arbitrary OS commands. Maliciously crafted MCP tasks may lead to remote code execution with the privileges of the Upsonic process. In version 0.72.0 Upsonic added a warning about using Stdio servers being able to execute commands directly on the machine.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30625
reference_id
reference_type
scores
0
value 0.00343
scoring_system epss
scoring_elements 0.57193
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30625
1
reference_url https://github.com/Upsonic/Upsonic
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/Upsonic/Upsonic
2
reference_url https://github.com/Upsonic/Upsonic/commit/855053fce0662227d9246268ff4a0844b481a305
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T13:53:33Z/
url https://github.com/Upsonic/Upsonic/commit/855053fce0662227d9246268ff4a0844b481a305
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-30625
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-30625
4
reference_url https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem
5
reference_url https://github.com/advisories/GHSA-cw73-5f7h-m4gv
reference_id GHSA-cw73-5f7h-m4gv
reference_type
scores
url https://github.com/advisories/GHSA-cw73-5f7h-m4gv
6
reference_url https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/
reference_id mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-16T13:53:33Z/
url https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/
fixed_packages
0
url pkg:pypi/upsonic@0.72.0
purl pkg:pypi/upsonic@0.72.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/upsonic@0.72.0
aliases CVE-2026-30625, GHSA-cw73-5f7h-m4gv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzvs-fw8h-vyfa
Fixing_vulnerabilities
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/upsonic@0.55.1