Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-60455
CVE-2025-60455
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.
Published Nov 20, 2025
https://github.com/advisories/GHSA-7xcv-9j6c-2fmc
https://www.oligo.security/blog/shadowmq-how-code-reuse-spread-critical-vulnerabilities-across-the-ai-ecosystem
CVSS Score
High
8.6
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
pypi
modular
0.1.0
pypi
modular
0.2.0
pypi
modular
25.3.0
pypi
modular
25.3.0rc3
pypi
modular
25.4.0
pypi
modular
25.5.0
1-6 of 6
CVE-2025-60455 | Components Impacted | Sonatype Guide | Sonatype Guide
