Package impact
PyPI / smolagents
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4963 | critical | 10.0 | 10.0 | 2mo ago | Hugging Face Smolagents has an Injection issue | |||
| CVE-2026-2654 | critical | 9.8 | 9.8 | 4mo ago | Hugging Face Smolagents has a Server-Side Request Forgery issue | |||
| CVE-2025-14931 | critical | — | 9.5 | 5mo ago | Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE | |||
| CVE-2025-11844 | unknown | — | — | 8mo ago | Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function | |||
| CVE-2025-5120 | unknown | — | — | 10mo ago | smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module |