Package impact
PyPI / upsonic
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6278 | critical | 9.8 | 9.8 | 11mo ago | A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.fi… | |||
| CVE-2025-6279 | high | 8.0 | 8.0 | 11mo ago | A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handle… | |||
| CVE-2026-30625 | unknown | — | — | 1mo ago | Upsonic: remote code execution vulnerability in its MCP server/task creation functionality |