Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-12695
CVE-2025-12695
The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.
Published Nov 5, 2025
https://github.com/advisories/GHSA-vvw2-h478-xwr3
CVSS Score
High
8.2
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
pypi
dspy
2.5.10
pypi
dspy
2.5.11
pypi
dspy
2.5.12
pypi
dspy
2.5.13
pypi
dspy
2.5.14
pypi
dspy
2.5.15
pypi
dspy
2.5.16
pypi
dspy
2.5.17
pypi
dspy
2.5.18
pypi
dspy
2.5.19
pypi
dspy
2.5.1
pypi
dspy
2.5.20
pypi
dspy
2.5.21
pypi
dspy
2.5.22
pypi
dspy
2.5.23
pypi
dspy
2.5.24
pypi
dspy
2.5.25
pypi
dspy
2.5.26
pypi
dspy
2.5.27
pypi
dspy
2.5.28
pypi
dspy
2.5.29
pypi
dspy
2.5.2
pypi
dspy
2.5.30
pypi
dspy
2.5.31
pypi
dspy
2.5.32
pypi
dspy
2.5.33
pypi
dspy
2.5.34
pypi
dspy
2.5.35
pypi
dspy
2.5.36
pypi
dspy
2.5.37
pypi
dspy
2.5.38
pypi
dspy
2.5.39
pypi
dspy
2.5.3
pypi
dspy
2.5.40
pypi
dspy
2.5.41
pypi
dspy
2.5.42
pypi
dspy
2.5.43
pypi
dspy
2.5.4
pypi
dspy
2.5.5
pypi
dspy
2.5.6
pypi
dspy
2.5.7
pypi
dspy
2.5.8
pypi
dspy
2.5.9
pypi
dspy
2.6.0
pypi
dspy
2.6.0rc11
pypi
dspy
2.6.0rc1
pypi
dspy
2.6.0rc2
pypi
dspy
2.6.0rc3
pypi
dspy
2.6.0rc4
pypi
dspy
2.6.0rc5
1-50 of 284
CVE-2025-12695 | Components Impacted | Sonatype Guide | Sonatype Guide
