Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/sagemaker@2.237.3
purl pkg:pypi/sagemaker@2.237.3
Next non-vulnerable version 2.257.2
Latest non-vulnerable version 3.8.0
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-2zjb-zcsj-n3bh
Aliases:
GHSA-5r2p-pjr8-7fh7
SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
3.4.0
Affected by 0 other vulnerabilities.
VCID-9bsc-uy28-skcp
Aliases:
CVE-2026-1778
GHSA-62rc-f4v9-h543
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.
2.256.0
Affected by 1 other vulnerability.
3.1.1
Affected by 2 other vulnerabilities.
VCID-hm7p-vy71-vucv
Aliases:
CVE-2026-1777
GHSA-rjrp-m2jw-pv9c
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output location may have the ability to upload arbitrary artifacts which are executed the next time the Training Job is invoked.
2.256.0
Affected by 1 other vulnerability.
3.2.0
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-zr1b-b765-1kh1 A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes. CVE-2025-0508
GHSA-32g6-mg92-ghm2

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-15T01:55:05.839849+00:00 GHSA Importer Fixing VCID-zr1b-b765-1kh1 https://github.com/advisories/GHSA-32g6-mg92-ghm2 38.6.0
2026-06-12T21:17:41.255133+00:00 GitLab Importer Affected by VCID-2zjb-zcsj-n3bh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sagemaker/GHSA-5r2p-pjr8-7fh7.yml 38.6.0
2026-06-12T20:54:34.145692+00:00 GitLab Importer Affected by VCID-9bsc-uy28-skcp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sagemaker/CVE-2026-1778.yml 38.6.0
2026-06-12T20:54:25.496867+00:00 GitLab Importer Affected by VCID-hm7p-vy71-vucv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sagemaker/CVE-2026-1777.yml 38.6.0
2026-06-12T19:56:16.593312+00:00 GitLab Importer Fixing VCID-zr1b-b765-1kh1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/sagemaker/CVE-2025-0508.yml 38.6.0
2026-06-12T07:54:21.321274+00:00 GithubOSV Importer Fixing VCID-zr1b-b765-1kh1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-32g6-mg92-ghm2/GHSA-32g6-mg92-ghm2.json 38.6.0