Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/Microsoft.SemanticKernel.Core@1.1.0
Type nuget
Namespace
Name Microsoft.SemanticKernel.Core
Version 1.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.71.0
Latest_non_vulnerable_version 1.71.0
Affected_by_vulnerabilities
0
url VCID-x3q7-yswg-dya5
vulnerability_id VCID-x3q7-yswg-dya5
summary Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync or UploadFileAsync and ensures the provided localFilePath is allow-listed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25592
reference_id
reference_type
scores
0
value 0.00098
scoring_system epss
scoring_elements 0.27168
published_at 2026-06-13T12:55:00Z
1
value 0.00098
scoring_system epss
scoring_elements 0.27154
published_at 2026-06-14T12:55:00Z
2
value 0.00098
scoring_system epss
scoring_elements 0.2715
published_at 2026-06-12T12:55:00Z
3
value 0.00098
scoring_system epss
scoring_elements 0.26947
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25592
1
reference_url https://github.com/microsoft/semantic-kernel
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/microsoft/semantic-kernel
2
reference_url https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d
reference_id changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:46Z/
url https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25592
reference_id CVE-2026-25592
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25592
4
reference_url https://github.com/advisories/GHSA-2ww3-72rp-wpp4
reference_id GHSA-2ww3-72rp-wpp4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2ww3-72rp-wpp4
5
reference_url https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4
reference_id GHSA-2ww3-72rp-wpp4
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:46Z/
url https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4
6
reference_url https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64
reference_id Program.cs#L61-L64
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-09T15:20:46Z/
url https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64
fixed_packages
0
url pkg:nuget/Microsoft.SemanticKernel.Core@1.71.0
purl pkg:nuget/Microsoft.SemanticKernel.Core@1.71.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.SemanticKernel.Core@1.71.0
aliases CVE-2026-25592, GHSA-2ww3-72rp-wpp4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x3q7-yswg-dya5
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.SemanticKernel.Core@1.1.0