rasa

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting rasapage 1 of 1

CVE-2021-41127HIGHCVSS 7.3EG 7.3✓ Fixed in 2.8.10
2021-10-21
vulnerable: 0.0.1 ... 2.8.9 (218 versions)
Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to c…
CVE-2024-49375CRITICALCVSS 9.0EG 9.0✓ Fixed in 3.6.21
2025-01-14
vulnerable: 0.0.1 ... 3.6.9 (357 versions)
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prereq…

Check whether rasa is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for rasa CVEs against the assets you own.

Start Free Scan →