VYPR

PyPI package

pyquokka

pkg:pypi/pyquokka

Vulnerabilities (1)

  • CVE-2025-62515 | Cri | Oct 17, 2025
    affected <= 0.3.1

    pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior, the FlightServer class directly uses pickle.loads() to deserialize action bodies received from Flight clients without any sanitization or validation in the do_action() method. The vul