agentscope
PyPI14 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting agentscopepage 1 of 1
- CVE-2024-48050CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.0.5a12024-11-04
vulnerable: 0.0.1, 0.0.2, 0.0.3, 0.0.4
In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can directly execute user-provided commands.
- CVE-2024-8438HIGHCVSS 7.5EG 7.52025-03-20
vulnerable: 0.0.1, 0.0.2, 0.0.3, 0.0.4
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary files on the server.
- CVE-2024-8487CRITICALCVSS 9.8EG 7.42025-03-20
vulnerable: 0.0.1, 0.0.2, 0.0.3, 0.0.4
A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to…
- CVE-2024-8501HIGHCVSS 8.8EG 7.52025-03-20
vulnerable: 0.0.1, 0.0.2, 0.0.3, 0.0.4
An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's host by exploiting the download_file me…
- CVE-2024-8502CRITICALCVSS 9.8EG 9.82025-03-20
vulnerable: 0.0.1 ... 0.0.6a2 (8 versions)
A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution (RCE) via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.create_a…
- CVE-2024-8524HIGHCVSS 7.5EG 7.52025-03-20
vulnerable: 0.0.1, 0.0.2, 0.0.3, 0.0.4
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint.
- CVE-2024-8537CRITICALCVSS 9.1EG 9.12025-03-20
vulnerable: 0.0.1 ... 0.1.1 (10 versions)
A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This…
- CVE-2024-8550HIGHCVSS 7.5EG 7.52025-02-10
vulnerable: 0.0.1, 0.0.2, 0.0.3, 0.0.4
A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API …
- CVE-2024-8551CRITICALCVSS 9.1EG 9.12025-03-20
vulnerable: 0.0.1 ... 0.1.1 (10 versions)
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, …
- CVE-2024-8556MEDIUMCVSS 6.1EG 6.12025-03-20
vulnerable: 0.0.1 ... 0.1.1 (10 versions)
A stored cross-site scripting (XSS) vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable …
- CVE-2026-6603HIGHCVSS 7.3EG 7.32026-04-20
vulnerable: 0.0.1 ... 1.0.9.dev0 (37 versions)
A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/_python.py. This manipulation causes cod…
- CVE-2026-6604HIGHCVSS 7.3EG 7.32026-04-20
vulnerable: 0.0.1 ... 1.0.9.dev0 (37 versions)
A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modality/_openai_tools.py of the component Cl…
- CVE-2026-6605HIGHCVSS 7.3EG 7.32026-04-20
vulnerable: 0.0.1 ... 1.0.9.dev0 (37 versions)
A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Service. Performing a manipulation results …
- CVE-2026-6606HIGHCVSS 7.3EG 7.32026-04-20
vulnerable: 0.0.1 ... 1.0.9.dev0 (37 versions)
A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to se…
Check whether agentscope is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for agentscope CVEs against the assets you own.
Start Free Scan →