Package impact
PyPI / sagemaker
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8596 | high | 7.2 | 7.2 | 8d ago | Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path | |||
| CVE-2026-8597 | high | 7.2 | 7.2 | 15d ago | Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler | |||
| CVE-2026-1777 | unknown | — | — | 4mo ago | SageMaker Python SDK has Exposed HMAC | |||
| CVE-2026-1778 | unknown | — | — | 4mo ago | SageMaker Python SDK has Insecure TLS Configuration | |||
| CVE-2025-0508 | unknown | — | — | 1y ago | SageMaker Workflow component allows possibility of MD5 hash collisions | |||
| CVE-2024-34073 | unknown | — | — | 2y ago | sagemaker-python-sdk Command Injection vulnerability | |||
| CVE-2024-34072 | unknown | — | — | 2y ago | sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data |