VYPR
Vendor

Pydantic AI

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2026-48782Jun 16, 2026
    risk 0.00cvss epss 0.00

    Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous…

  • CVE-2026-46678May 21, 2026
    risk 0.00cvss epss 0.00

    ## Summary When an application using Pydantic AI opts a URL into `force_download='allow-local'` (which disables the default block on private/internal IPs), the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form (IPv4-mapped IPv6,…

  • CVE-2026-25580Feb 6, 2026
    risk 0.00cvss epss 0.00

    Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accept message history from…

  • CVE-2026-25640Feb 6, 2026
    risk 0.00cvss epss 0.00

    Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by…

  • CVE-2024-3772Apr 15, 2024
    risk 0.00cvss epss 0.01

    Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.