pkg:PyPI/smolagents

All known vulnerabilities

• CRITICAL10.0CVE-2025-14931Hugging Face smolagents: Unsafe deserialization in Remote Python Executor leads to RCE
  from 0, <= 1.23.0
• CRITICAL9.9CVE-2025-5120smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module
  from 0, < 1.17.0
• MEDIUM6.3CVE-2026-4963Hugging Face Smolagents has an Injection issue
  from 0, <= 1.25.0.dev0
• MEDIUM6.3Hugging Face Smolagents has a Server-Side Request Forgery issue
  from 0, <= 1.24.0
• MEDIUM5.4Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function
  from 0, < 1.22.0