VYPR

PyPI package

monai

pkg:pypi/monai

Vulnerabilities (4)

  • CVE-2026-21851 (Jan 7, 2026)
    affected < 1.5.2; fixed 1.5.2

    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path

  • CVE-2025-58757 (Sep 8, 2025)
    affected < 1.5.1; fixed 1.5.1

    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them usin

  • CVE-2025-58756 (Sep 8, 2025)
    affected < 1.5.1; fixed 1.5.1

    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in `model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)` in `monai/bundle/scripts.py`, `weights_only=True` is loaded securely.

  • CVE-2025-58755 (Sep 8, 2025)
    affected < 1.5.1; fixed 1.5.1

    MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function `zip_file.extractall(output_dir)` is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file