Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
agentd 0.8.1 | Vulnerabilities | Sonatype Guide
pypi
agentd
0.8.1
agentd 0.8.1
Latest
Published
Mar 16, 2026
•
Policy
compliance
pypi Registry
Developer Trust Score
N/A
Recommended Version:
x.y.z
Best
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
39
Versions
39
Vulnerabilities
15
Vulnerabilities
15
Dependencies
0
Dependencies
0
Reset filters
Severity
Critical
(0)
High
(0)
Medium
(8)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
5.3
CVE-2025-69225
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. This issue is fixed in version 3.13.3.
affected
Severity
Medium
Published
Jan 6, 2026
5.3
CVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3.
affected
Severity
Medium
Published
Jan 6, 2026
6.5
CVE-2025-69224
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. This issue is fixed in version 3.13.3.
affected
Severity
Medium
Published
Jan 6, 2026
6.9
CVE-2025-54121
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread to roll the file over to disk. This blocks the event thread which means the application can't accept new connections. The UploadFile code has a minor bug where instead of just checking for self._in_memory, the logic should also check if the additional bytes will cause a rollover. The vulnerability is fixed in version 0.47.2.
affected
Severity
Medium
Published
Jul 21, 2025
5.1
CVE-2025-45809
SQL Injection vulnerability in BerriAI LiteLLM before 1.81.0 allows attackers to execute arbitrary commands via the key parameter to the "/key/block" and "/key/unblock" API endpoints.
affected
Severity
Medium
Published
Jul 7, 2025
6.1
CVE-2025-50181
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
affected
Severity
Medium
6.1
CVE-2025-50182
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.
affected
Severity
Medium
Published
Jun 18, 2025
5.9
CVE-2024-47081
Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
affected
Severity
Medium
Published
Jun 20, 2025
Published
Jun 9, 2025
