Security
Headlines

Headlines Latest CVEs

Headline

GHSA-vvw2-h478-xwr3: DSPy does not properly restrict file reads

The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the “PythonInterpreter” class.

3 days ago

#git #intel #perl

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewDiscover and integrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-12695

DSPy does not properly restrict file reads

Moderate severity GitHub Reviewed Published Nov 4, 2025 to the GitHub Advisory Database • Updated Nov 4, 2025

Affected versions

<= 3.0.3

Description

Published to the GitHub Advisory Database

Nov 4, 2025

EPSS score

ghsa: Latest News

GHSA-vfpf-xmwh-8m65: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

5 hours ago

GHSA-f83h-ghpp-7wcc: Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc

5 hours ago

GHSA-wf5f-4jwr-ppcp: Arbitrary Code Execution in pdfminer.six via Crafted PDF Input

8 hours ago

GHSA-46xp-26xh-hpqh: KubeVirt Vulnerable to Arbitrary Host File Read and Write

10 hours ago

GHSA-vm2f-46xc-5jc3: AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64

10 hours ago