VYPR

Kedro

by Linux Foundation

pypi: kedro

Source repositories

CVEs (2)

  • CVE-2026-35171CriApr 6, 2026
    risk 0.57cvss 9.8epss 0.01

    Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special () key, which…

  • CVE-2026-35167HigApr 6, 2026
    risk 0.39cvss 7.1epss 0.00

    Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path…