VulnerableCode Package Details - pkg:pypi/semantic-kernel@0.2.0.dev0

Search for packages

Vulnerability	Summary	Fixed by
VCID-2vt1-nwqq-fqgx Aliases: CVE-2026-26030 GHSA-xjw9-4gw8-4rqx PYSEC-2026-163	Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.	1.39.4 Affected by 0 other vulnerabilities.
VCID-x3q7-yswg-dya5 Aliases: CVE-2026-25592 GHSA-2ww3-72rp-wpp4	Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync  or UploadFileAsync and ensures the provided localFilePath is allow listed.	1.39.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-2vt1-nwqq-fqgx
Aliases:
CVE-2026-26030
GHSA-xjw9-4gw8-4rqx
PYSEC-2026-163

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.

1.39.4
Affected by 0 other vulnerabilities.

VCID-x3q7-yswg-dya5
Aliases:
CVE-2026-25592
GHSA-2ww3-72rp-wpp4

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync  or UploadFileAsync and ensures the provided localFilePath is allow listed.

1.39.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T21:01:45.152225+00:00	GitLab Importer	Affected by	VCID-2vt1-nwqq-fqgx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/semantic-kernel/CVE-2026-26030.yml	38.6.0
2026-06-12T20:57:04.899433+00:00	GitLab Importer	Affected by	VCID-x3q7-yswg-dya5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/semantic-kernel/CVE-2026-25592.yml	38.6.0
2026-06-12T04:20:57.577416+00:00	Pypa Importer	Affected by	VCID-2vt1-nwqq-fqgx	https://github.com/pypa/advisory-database/blob/main/vulns/semantic-kernel/PYSEC-2026-163.yaml	38.6.0
2026-06-11T21:05:03.964995+00:00	PyPI Importer	Affected by	VCID-2vt1-nwqq-fqgx	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0