VYPR
Vendor

Giskard

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2026-40320HigApr 17, 2026
    risk 0.51cvss 7.8epss 0.00

    Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently interpreting template expressions at runtime. If check definitions are loaded…

  • CVE-2026-34172HigMar 31, 2026
    risk 0.50cvss 8.8epss 0.01

    Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 template source to a non-sandboxed Environment. A developer who passes user input…

  • CVE-2024-52524MedNov 14, 2024
    risk 0.38cvss epss 0.01

    Giskard is an evaluation and testing framework for AI systems. A Remote Code Execution (ReDoS) vulnerability was discovered in Giskard component by the GitHub Security Lab team. When processing datasets with specific text patterns with Giskard detectors, this vulnerability could…

  • CVE-2026-40319MedApr 17, 2026
    risk 0.36cvss 5.5epss 0.00

    Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() without any timeout or complexity guard. A crafted regex pattern can trigger…