PyPI/pipecat-ai — 3 CVEs

CRITICAL9.8CVE-2025-62373Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer

>= 0.0.41, < 0.0.94

HIGH7.5CVE-2026-54695Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID

>= 0.0.77, < 1.4.0

HIGH7.5CVE-2026-44716Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

>= 0.0.90, < 1.2.0

pkg:PyPI/pipecat-ai