Stanford
Products (4)
- 2 CVEs
- 1 CVE
- Dspy (pypi): 1 CVE
- 1 CVE
Recent CVEs (5)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0239 | | Cri | 0.57 | 9.8 | 0.01 | | Jan 17, 2022 | corenlp is vulnerable to Improper Restriction of XML External Entity Reference |
| CVE-2026-54499 | | hig | 0.38 | — | — | | Jun 19, 2026 | Stanza 1.12.0 attempts to safely load PyTorch checkpoint files using `torch.load(..., weights_only=True)`, but automatically falls back to the fully unsafe `torch.load(..., weights_only=False)` when the safe load raises `pickle.UnpicklingError`. Because the… |
| CVE-2025-12695 | | Med | 0.38 | 5.9 | 0.00 | | Nov 4, 2025 | The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class. |
| CVE-2013-2106 | | | 0.00 | — | 0.02 | | Dec 3, 2019 | webauth before 4.6.1 has authentication credential disclosure |
| CVE-2009-2945 | | | 0.00 | — | 0.01 | | Sep 15, 2009 | weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by… |