Search for packages
| purl | pkg:pypi/upsonic@0.41.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-38tj-x891-2yfr
Aliases: CVE-2025-6278 GHSA-8jf4-fcjr-68c2 PYSEC-2025-67 |
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used. |
Affected by 0 other vulnerabilities. |
|
VCID-5ryh-36vh-2qaj
Aliases: CVE-2025-6279 GHSA-rpfv-46xj-5984 PYSEC-2025-68 |
A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T09:47:02.825217+00:00 | PyPI Importer | Affected by | VCID-5ryh-36vh-2qaj | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-05-31T09:47:02.149985+00:00 | PyPI Importer | Affected by | VCID-38tj-x891-2yfr | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |
| 2026-05-30T20:36:31.403328+00:00 | Pypa Importer | Affected by | VCID-38tj-x891-2yfr | https://github.com/pypa/advisory-database/blob/main/vulns/upsonic/PYSEC-2025-67.yaml | 38.6.0 |
| 2026-05-30T20:36:29.927986+00:00 | Pypa Importer | Affected by | VCID-5ryh-36vh-2qaj | https://github.com/pypa/advisory-database/blob/main/vulns/upsonic/PYSEC-2025-68.yaml | 38.6.0 |