Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-8mf9-rmgw-33qc: Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function

Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitization or escaping. This allows an attacker to inject malicious XPath syntax that can alter the intended query logic. The vulnerability enables attackers to bypass search filters, access unintended DOM elements, and disrupt web automation workflows. This can lead to information disclosure, manipulation of AI agent interactions, and compromise the reliability of automated web tasks. The issue is fixed in version 1.22.0.

ghsa
Open in Source
#vulnerability#web#git#intel#xpath

Skip to content

Navigation Menu

    • GitHub Copilot

      Write better code with AI

    • GitHub Spark New

      Build and deploy intelligent apps

    • GitHub Models New

      Manage and compare prompts

    • GitHub Advanced Security

      Find and fix vulnerabilities

    • Actions

      Automate any workflow

*   Codespaces
    
    Instant dev environments
    
*   Issues
    
    Plan and track work
    
*   Code Review
    
    Manage code changes
    
*   Discussions
    
    Collaborate outside of code
    
*   Code Search
    
    Find more, search less
    

View all features

  • Explore

    • Learning Pathways
    • Events & Webinars
    • Ebooks & Whitepapers
    • Customer Stories
    • Partners
    • Executive Insights

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles

    • Enterprise platform

      AI-powered developer platform

  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-11844

Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function

Moderate severity GitHub Reviewed Published Oct 22, 2025 to the GitHub Advisory Database • Updated Oct 22, 2025

Package

pip smolagents (pip)

Affected versions

< 1.22.0

Description

Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitization or escaping. This allows an attacker to inject malicious XPath syntax that can alter the intended query logic. The vulnerability enables attackers to bypass search filters, access unintended DOM elements, and disrupt web automation workflows. This can lead to information disclosure, manipulation of AI agent interactions, and compromise the reliability of automated web tasks. The issue is fixed in version 1.22.0.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-11844
  • huggingface/smolagents@f570ed5
  • https://huntr.com/bounties/01ab4405-9bca-4b26-b7a3-5ca1863a69b4

Published to the GitHub Advisory Database

Oct 22, 2025

Last updated

Oct 22, 2025

EPSS score

ghsa: Latest News

GHSA-wwxp-hxh6-8gf8: binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref
ghsa