VYPR

Pipecat

by Pipecat AI

Source repositories

CVEs (3)

  • CVE-2025-62373CriApr 23, 2026
    risk 0.57cvss 9.8epss 0.01

    Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Versions 0.0.41 through 0.0.93 have a vulnerability in `LivekitFrameSerializer` – an optional, non-default, undocumented frame serializer class (now deprecated)…

  • CVE-2026-44716HigJun 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner (src/pipecat/runner/run.py). When the runner is…

  • CVE-2026-54695higJun 18, 2026
    risk 0.38cvss epss

    ## Development Runner Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID ### Summary The pipecat development runner registers a `/ws` WebSocket endpoint for telephony testing that accepts connections without any authentication. An…