VYPR

Giskard

by Giskard

CVEs (3)

  • CVE-2026-40320 | High | Apr 17, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded…

  • CVE-2026-34172 | High | Mar 31, 2026
    risk 0.50 | cvss 8.8 | epss 0.01

    Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input…

  • CVE-2026-40319 | Medium | Apr 17, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted regex pattern can trigger…