VulnerableCode Package Details - pkg:pypi/upsonic@0.55.6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/upsonic@0.55.6

Essentials
History (2)

purl	pkg:pypi/upsonic@0.55.6

Next non-vulnerable version	0.56.0
Latest non-vulnerable version	0.56.0
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-8gqe-stbh-r3dn Aliases: CVE-2025-6279 PYSEC-2025-68	A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.	0.56.0 Affected by 0 other vulnerabilities.
VCID-ht8t-upfy-17ah Aliases: CVE-2025-6278 PYSEC-2025-67	A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.	0.56.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:23:13.979416+00:00	Pypa Importer	Affected by	VCID-ht8t-upfy-17ah	https://github.com/pypa/advisory-database/blob/main/vulns/upsonic/PYSEC-2025-67.yaml	38.6.0
2026-06-02T04:23:12.652149+00:00	Pypa Importer	Affected by	VCID-8gqe-stbh-r3dn	https://github.com/pypa/advisory-database/blob/main/vulns/upsonic/PYSEC-2025-68.yaml	38.6.0