Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-r6su-rkkf-3kct
Summary
A vulnerability, that could result in Remote Code Execution (RCE), has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code.
Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting the risk. The vendor does not plan to release a patch to fix this vulnerability.
Aliases
0
alias CVE-2025-1497
1
alias PYSEC-2025-22
Fixed_packages
0
url pkg:pypi/plotai@0.0.7
purl pkg:pypi/plotai@0.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plotai@0.0.7
Affected_packages
0
url pkg:pypi/plotai@0.0.0
purl pkg:pypi/plotai@0.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r6su-rkkf-3kct
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plotai@0.0.0
1
url pkg:pypi/plotai@0.0.1
purl pkg:pypi/plotai@0.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r6su-rkkf-3kct
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plotai@0.0.1
2
url pkg:pypi/plotai@0.0.2
purl pkg:pypi/plotai@0.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r6su-rkkf-3kct
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plotai@0.0.2
3
url pkg:pypi/plotai@0.0.3
purl pkg:pypi/plotai@0.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r6su-rkkf-3kct
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plotai@0.0.3
4
url pkg:pypi/plotai@0.0.4
purl pkg:pypi/plotai@0.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r6su-rkkf-3kct
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plotai@0.0.4
5
url pkg:pypi/plotai@0.0.5
purl pkg:pypi/plotai@0.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r6su-rkkf-3kct
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plotai@0.0.5
6
url pkg:pypi/plotai@0.0.6
purl pkg:pypi/plotai@0.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r6su-rkkf-3kct
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/plotai@0.0.6
References
0
reference_url https://cert.pl/en/posts/2025/03/CVE-2025-1497
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://cert.pl/en/posts/2025/03/CVE-2025-1497
1
reference_url https://cert.pl/posts/2025/03/CVE-2025-1497
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://cert.pl/posts/2025/03/CVE-2025-1497
2
reference_url https://github.com/mljar/plotai
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/mljar/plotai
3
reference_url https://github.com/mljar/plotai/commit/bdcfb13484f0b85703a4c1ddfd71cb21840e7fde
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/mljar/plotai/commit/bdcfb13484f0b85703a4c1ddfd71cb21840e7fde
Weaknesses
Exploits
Severity_range_score9.8 - 9.8
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-r6su-rkkf-3kct