VYPR

PyPI package

agno

pkg:pypi/agno

Vulnerabilities (2)

  • CVE-2026-35002CriApr 2, 2026
    affected < 2.3.24fixed 2.3.24

    Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a Fun

  • CVE-2025-64168HigOct 31, 2025
    affected >= 2.0.0, < 2.2.2fixed 2.2.2

    Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrec