VulnerableCode Package Details - pkg:pypi/upsonic@0.4.7

Search for packages

Vulnerability	Summary	Fixed by
VCID-27dr-hen4-fkee Aliases: CVE-2026-30625 GHSA-cw73-5f7h-m4gv		0.72.0 Affected by 0 other vulnerabilities.
VCID-38tj-x891-2yfr Aliases: CVE-2025-6278 GHSA-8jf4-fcjr-68c2 PYSEC-2025-67	A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.	0.56.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-5ryh-36vh-2qaj Aliases: CVE-2025-6279 GHSA-rpfv-46xj-5984 PYSEC-2025-68	A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.	0.56.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-27dr-hen4-fkee
Aliases:
CVE-2026-30625
GHSA-cw73-5f7h-m4gv

0.72.0
Affected by 0 other vulnerabilities.

VCID-38tj-x891-2yfr
Aliases:
CVE-2025-6278
GHSA-8jf4-fcjr-68c2
PYSEC-2025-67

A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.

0.56.0
Affected by 1 other vulnerability.

VCID-5ryh-36vh-2qaj
Aliases:
CVE-2025-6279
GHSA-rpfv-46xj-5984
PYSEC-2025-68

A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.

0.56.0
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-01T10:46:29.898484+00:00	GitLab Importer	Affected by	VCID-27dr-hen4-fkee	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/upsonic/CVE-2026-30625.yml	38.6.0
2026-06-01T08:43:04.119144+00:00	GitLab Importer	Affected by	VCID-38tj-x891-2yfr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/upsonic/CVE-2025-6278.yml	38.6.0
2026-06-01T08:43:02.664382+00:00	GitLab Importer	Affected by	VCID-5ryh-36vh-2qaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/upsonic/CVE-2025-6279.yml	38.6.0
2026-05-31T09:47:02.407865+00:00	PyPI Importer	Affected by	VCID-5ryh-36vh-2qaj	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-31T09:47:01.786393+00:00	PyPI Importer	Affected by	VCID-38tj-x891-2yfr	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-05-30T20:36:30.601279+00:00	Pypa Importer	Affected by	VCID-38tj-x891-2yfr	https://github.com/pypa/advisory-database/blob/main/vulns/upsonic/PYSEC-2025-67.yaml	38.6.0
2026-05-30T20:36:28.958007+00:00	Pypa Importer	Affected by	VCID-5ryh-36vh-2qaj	https://github.com/pypa/advisory-database/blob/main/vulns/upsonic/PYSEC-2025-68.yaml	38.6.0