Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/sagemaker@1.37.0
Type pypi
Namespace
Name sagemaker
Version 1.37.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.257.2
Latest_non_vulnerable_version 3.8.0
Affected_by_vulnerabilities
0
url VCID-2zjb-zcsj-n3bh
vulnerability_id VCID-2zjb-zcsj-n3bh
summary SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
references
0
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
1
reference_url https://github.com/aws/sagemaker-python-sdk/commit/e706e578519bd9b92ea44b9b15f872eca5e77ea4
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/e706e578519bd9b92ea44b9b15f872eca5e77ea4
2
reference_url https://github.com/aws/sagemaker-python-sdk/pull/5497
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/pull/5497
3
reference_url https://github.com/advisories/GHSA-5r2p-pjr8-7fh7
reference_id GHSA-5r2p-pjr8-7fh7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r2p-pjr8-7fh7
4
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-5r2p-pjr8-7fh7
reference_id GHSA-5r2p-pjr8-7fh7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-5r2p-pjr8-7fh7
fixed_packages
0
url pkg:pypi/sagemaker@3.4.0
purl pkg:pypi/sagemaker@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@3.4.0
aliases GHSA-5r2p-pjr8-7fh7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2zjb-zcsj-n3bh
1
url VCID-9bsc-uy28-skcp
vulnerability_id VCID-9bsc-uy28-skcp
summary Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1778
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01225
published_at 2026-06-12T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01235
published_at 2026-06-14T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01232
published_at 2026-06-13T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01228
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1778
1
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
2
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
3
reference_url https://github.com/aws/sagemaker-python-sdk/commit/5e7a3efa7bec0a161194ffa0cef346dda93bf2c6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/5e7a3efa7bec0a161194ffa0cef346dda93bf2c6
4
reference_url https://github.com/aws/sagemaker-python-sdk/commit/c8098958910f7db78d07037425debfd4d44a6964
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/c8098958910f7db78d07037425debfd4d44a6964
5
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
reference_id 2026-004-AWS
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:02:05Z/
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1778
reference_id CVE-2026-1778
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1778
7
reference_url https://github.com/advisories/GHSA-62rc-f4v9-h543
reference_id GHSA-62rc-f4v9-h543
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62rc-f4v9-h543
8
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f4v9-h543
reference_id GHSA-62rc-f4v9-h543
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:02:05Z/
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f4v9-h543
9
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
reference_id v2.256.0
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:02:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
10
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1
reference_id v3.1.1
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:02:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1
fixed_packages
0
url pkg:pypi/sagemaker@2.256.0
purl pkg:pypi/sagemaker@2.256.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zjb-zcsj-n3bh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.256.0
1
url pkg:pypi/sagemaker@3.1.1
purl pkg:pypi/sagemaker@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zjb-zcsj-n3bh
1
vulnerability VCID-hm7p-vy71-vucv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@3.1.1
aliases CVE-2026-1778, GHSA-62rc-f4v9-h543
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9bsc-uy28-skcp
2
url VCID-c8p2-hu11-uqfy
vulnerability_id VCID-c8p2-hu11-uqfy
summary sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in the `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module allows for potentially unsafe Operating System (OS) Command Injection if an inappropriate command is passed as the “requirements_path” parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the “requirements_path” parameter of the capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils`, and instead use the default value.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34073
reference_id
reference_type
scores
0
value 0.00889
scoring_system epss
scoring_elements 0.7605
published_at 2026-06-14T12:55:00Z
1
value 0.00889
scoring_system epss
scoring_elements 0.76055
published_at 2026-06-13T12:55:00Z
2
value 0.00889
scoring_system epss
scoring_elements 0.76042
published_at 2026-06-12T12:55:00Z
3
value 0.00889
scoring_system epss
scoring_elements 0.7597
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34073
1
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
2
reference_url https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5
reference_id 2d873d53f708ea570fc2e2a6974f8c3097fe9df5
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T14:52:50Z/
url https://github.com/aws/sagemaker-python-sdk/commit/2d873d53f708ea570fc2e2a6974f8c3097fe9df5
3
reference_url https://github.com/aws/sagemaker-python-sdk/pull/4556
reference_id 4556
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T14:52:50Z/
url https://github.com/aws/sagemaker-python-sdk/pull/4556
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34073
reference_id CVE-2024-34073
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34073
5
reference_url https://github.com/advisories/GHSA-7pc3-pr3q-58vg
reference_id GHSA-7pc3-pr3q-58vg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7pc3-pr3q-58vg
6
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7pc3-pr3q-58vg
reference_id GHSA-7pc3-pr3q-58vg
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T14:52:50Z/
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7pc3-pr3q-58vg
fixed_packages
0
url pkg:pypi/sagemaker@2.214.3
purl pkg:pypi/sagemaker@2.214.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zjb-zcsj-n3bh
1
vulnerability VCID-9bsc-uy28-skcp
2
vulnerability VCID-hm7p-vy71-vucv
3
vulnerability VCID-qxw3-juyf-eqfm
4
vulnerability VCID-zr1b-b765-1kh1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.214.3
aliases CVE-2024-34073, GHSA-7pc3-pr3q-58vg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8p2-hu11-uqfy
3
url VCID-hm7p-vy71-vucv
vulnerability_id VCID-hm7p-vy71-vucv
summary The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output location may have the ability to upload arbitrary artifacts which are executed the next time the Training Job is invoked.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1777
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06453
published_at 2026-06-12T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06422
published_at 2026-06-14T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06442
published_at 2026-06-13T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06434
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1777
1
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
2
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
3
reference_url https://github.com/aws/sagemaker-python-sdk/commit/708c7b2f4135ecaec55973d098f3dbe98b657933
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/708c7b2f4135ecaec55973d098f3dbe98b657933
4
reference_url https://github.com/aws/sagemaker-python-sdk/commit/fb0d789db4fd5fecde5509963939369f4c7ce63b
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/fb0d789db4fd5fecde5509963939369f4c7ce63b
5
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
reference_id 2026-004-AWS
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1777
reference_id CVE-2026-1777
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1777
7
reference_url https://github.com/advisories/GHSA-rjrp-m2jw-pv9c
reference_id GHSA-rjrp-m2jw-pv9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rjrp-m2jw-pv9c
8
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-rjrp-m2jw-pv9c
reference_id GHSA-rjrp-m2jw-pv9c
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-rjrp-m2jw-pv9c
9
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
reference_id v2.256.0
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
10
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.2.0
reference_id v3.2.0
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.2.0
fixed_packages
0
url pkg:pypi/sagemaker@2.256.0
purl pkg:pypi/sagemaker@2.256.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zjb-zcsj-n3bh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.256.0
1
url pkg:pypi/sagemaker@3.2.0
purl pkg:pypi/sagemaker@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zjb-zcsj-n3bh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@3.2.0
aliases CVE-2026-1777, GHSA-rjrp-m2jw-pv9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hm7p-vy71-vucv
4
url VCID-qxw3-juyf-eqfm
vulnerability_id VCID-qxw3-juyf-eqfm
summary sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. Users are advised to upgrade to version 2.218.0. Users unable to upgrade should not pass pickled numpy object arrays which originated from an untrusted source, or that could have been tampered with. Only pass pickled numpy object arrays from trusted sources.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34072
reference_id
reference_type
scores
0
value 0.00593
scoring_system epss
scoring_elements 0.6974
published_at 2026-06-11T12:55:00Z
1
value 0.00593
scoring_system epss
scoring_elements 0.69842
published_at 2026-06-14T12:55:00Z
2
value 0.00593
scoring_system epss
scoring_elements 0.6983
published_at 2026-06-12T12:55:00Z
3
value 0.00593
scoring_system epss
scoring_elements 0.69845
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34072
1
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
2
reference_url https://github.com/aws/sagemaker-python-sdk/commit/72e0c9712aec6fbb82fb40fda091dfc2a42c70a0
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/72e0c9712aec6fbb82fb40fda091dfc2a42c70a0
3
reference_url https://github.com/aws/sagemaker-python-sdk/pull/4557
reference_id 4557
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T17:28:15Z/
url https://github.com/aws/sagemaker-python-sdk/pull/4557
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34072
reference_id CVE-2024-34072
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34072
5
reference_url https://github.com/advisories/GHSA-wjvx-jhpj-r54r
reference_id GHSA-wjvx-jhpj-r54r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wjvx-jhpj-r54r
6
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-wjvx-jhpj-r54r
reference_id GHSA-wjvx-jhpj-r54r
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T17:28:15Z/
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-wjvx-jhpj-r54r
fixed_packages
0
url pkg:pypi/sagemaker@2.218.0
purl pkg:pypi/sagemaker@2.218.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zjb-zcsj-n3bh
1
vulnerability VCID-9bsc-uy28-skcp
2
vulnerability VCID-hm7p-vy71-vucv
3
vulnerability VCID-zr1b-b765-1kh1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.218.0
aliases CVE-2024-34072, GHSA-wjvx-jhpj-r54r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxw3-juyf-eqfm
5
url VCID-zr1b-b765-1kh1
vulnerability_id VCID-zr1b-b765-1kh1
summary A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-0508
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33753
published_at 2026-06-12T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.3375
published_at 2026-06-14T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33573
published_at 2026-06-11T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33775
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-0508
1
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0508
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0508
3
reference_url https://github.com/aws/sagemaker-python-sdk/commit/dcdd99f911e8b1a05d19cf1ad939b0fefae47864
reference_id dcdd99f911e8b1a05d19cf1ad939b0fefae47864
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T14:26:53Z/
url https://github.com/aws/sagemaker-python-sdk/commit/dcdd99f911e8b1a05d19cf1ad939b0fefae47864
4
reference_url https://huntr.com/bounties/eb056818-5b81-466f-81ee-916058d34af2
reference_id eb056818-5b81-466f-81ee-916058d34af2
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T14:26:53Z/
url https://huntr.com/bounties/eb056818-5b81-466f-81ee-916058d34af2
5
reference_url https://github.com/advisories/GHSA-32g6-mg92-ghm2
reference_id GHSA-32g6-mg92-ghm2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-32g6-mg92-ghm2
fixed_packages
0
url pkg:pypi/sagemaker@2.237.3
purl pkg:pypi/sagemaker@2.237.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zjb-zcsj-n3bh
1
vulnerability VCID-9bsc-uy28-skcp
2
vulnerability VCID-hm7p-vy71-vucv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.237.3
aliases CVE-2025-0508, GHSA-32g6-mg92-ghm2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr1b-b765-1kh1
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@1.37.0