Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/agenta@0.63.0

Type pypi

Namespace

Name agenta

Version 0.63.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.86.8

Latest_non_vulnerable_version 0.86.8

Affected_by_vulnerabilities

url VCID-7jjb-11ve-nubc

vulnerability_id VCID-7jjb-11ve-nubc

summary Agenta is an open-source LLMOps platform. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when running evaluators. This does not affect standalone SDK usage — it only impacts self-hosted or managed Agenta platform deployments. Version 0.86.8 contains a fix for the issue.

references

reference_url

https://github.com/Agenta-AI/agenta/security/advisories/GHSA-cfr2-mp74-3763

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://github.com/Agenta-AI/agenta/security/advisories/GHSA-cfr2-mp74-3763

fixed_packages

url	pkg:pypi/agenta@0.86.8
purl	pkg:pypi/agenta@0.86.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/agenta@0.86.8

aliases CVE-2026-27961, GHSA-cfr2-mp74-3763, PYSEC-2026-7

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7jjb-11ve-nubc

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/agenta@0.63.0

Package Instance