VulnerableCode Package Details - pkg:pypi/python-a2a@0.4.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/python-a2a@0.4.0

Essentials
History (4)

purl	pkg:pypi/python-a2a@0.4.0

Next non-vulnerable version	0.5.6
Latest non-vulnerable version	0.5.6
Risk	4.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-h9fs-kwj7-syaw Aliases: CVE-2025-6167 GHSA-rp38-pj7h-r8q2 PYSEC-2025-64	A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommended to upgrade the affected component.	0.5.6 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T09:58:27.459935+00:00	GHSA Importer	Affected by	VCID-h9fs-kwj7-syaw	https://github.com/advisories/GHSA-rp38-pj7h-r8q2	38.6.0
2026-06-12T20:04:27.771940+00:00	GitLab Importer	Affected by	VCID-h9fs-kwj7-syaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/python-a2a/CVE-2025-6167.yml	38.6.0
2026-06-12T04:20:17.868639+00:00	Pypa Importer	Affected by	VCID-h9fs-kwj7-syaw	https://github.com/pypa/advisory-database/blob/main/vulns/python-a2a/PYSEC-2025-64.yaml	38.6.0
2026-06-11T21:04:16.670906+00:00	PyPI Importer	Affected by	VCID-h9fs-kwj7-syaw	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0