Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/agno@2.1.8

Type pypi

Namespace

Name agno

Version 2.1.8

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.24

Latest_non_vulnerable_version 2.3.24

Affected_by_vulnerabilities

url VCID-bp5z-twca-sbfy

vulnerability_id VCID-bp5z-twca-sbfy

summary Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-64168

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.09019
published_at	2026-06-11T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09058
published_at	2026-06-14T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.0907
published_at	2026-06-13T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09068
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-64168

reference_url

https://github.com/agno-agi/agno

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/agno-agi/agno

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-64168

reference_id

CVE-2025-64168

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-64168

reference_url

https://github.com/advisories/GHSA-vw84-hprm-cxmm

reference_id

GHSA-vw84-hprm-cxmm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vw84-hprm-cxmm

reference_url

https://github.com/agno-agi/agno/security/advisories/GHSA-vw84-hprm-cxmm

reference_id

GHSA-vw84-hprm-cxmm

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T15:39:26Z/

url

https://github.com/agno-agi/agno/security/advisories/GHSA-vw84-hprm-cxmm

fixed_packages

url pkg:pypi/agno@2.2.2

purl pkg:pypi/agno@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-z1ue-jptm-5ugw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/agno@2.2.2

aliases CVE-2025-64168, GHSA-vw84-hprm-cxmm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bp5z-twca-sbfy

url VCID-z1ue-jptm-5ugw

vulnerability_id VCID-z1ue-jptm-5ugw

summary Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-35002

reference_id

reference_type

scores

value	0.00153
scoring_system	epss
scoring_elements	0.35943
published_at	2026-06-14T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.35754
published_at	2026-06-11T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.35956
published_at	2026-06-13T12:55:00Z

value	0.00153
scoring_system	epss
scoring_elements	0.35934
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-35002

reference_url

https://github.com/agno-agi/agno

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/agno-agi/agno

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-35002

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-35002

reference_url

https://www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-execution

reference_id

agno-field-type-eval-injection-arbitrary-code-execution

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:23:11Z/

url

https://www.vulncheck.com/advisories/agno-field-type-eval-injection-arbitrary-code-execution

reference_url

https://github.com/agno-agi/agno/commit/cbf675521d4d2281925a051784a3b94172e56416

reference_id

cbf675521d4d2281925a051784a3b94172e56416

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:23:11Z/

url

https://github.com/agno-agi/agno/commit/cbf675521d4d2281925a051784a3b94172e56416

reference_url

https://github.com/advisories/GHSA-77rh-m34w-rv36

reference_id

GHSA-77rh-m34w-rv36

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-77rh-m34w-rv36

reference_url

https://github.com/agno-agi/agno/releases/tag/v2.3.24

reference_id

v2.3.24

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-02T15:23:11Z/

url

https://github.com/agno-agi/agno/releases/tag/v2.3.24

fixed_packages

url	pkg:pypi/agno@2.3.24
purl	pkg:pypi/agno@2.3.24
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/agno@2.3.24

aliases CVE-2026-35002, GHSA-77rh-m34w-rv36

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1ue-jptm-5ugw

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/agno@2.1.8

Package Instance