Anthropic Python Vulnerabilities

pip LLM APIs

AI Threat Alert tracks 19 known vulnerabilities in Anthropic Python, an AI/ML package in the LLM APIs category of the pip ecosystem; 1 is rated critical. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 31
Total CVEs: 19
Critical: 1
Ecosystem: pip
Last CVE: Jun 23, 2026
Patch Rate: 90%
Avg Time to Patch: 6d
Repository: 3,687 stars, 752 forks, 311 issues, 5,435 dependents, last push Jun 25, 2026

Known Vulnerabilities (19 total, page 1 of 1)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | CVE-2026-41863 | Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk | 6.5 | May 26, 2026 |
| HIGH | CVE-2026-7574 | Claude Desktop: VM integrity bypass enables RCE | 8.7 | Jun 23, 2026 |
| LOW | CVE-2026-49212 | symfony/ux-live: HMAC replay bypasses prop integrity | -- | Jun 19, 2026 |
| LOW | CVE-2026-49215 | Symfony LiveComponent: CSRF bypass via safelisted header | -- | Jun 19, 2026 |
| MEDIUM | CVE-2026-50195 | containerd: checkpoint import poisons node image cache | -- | Jun 19, 2026 |
| HIGH | CVE-2026-53488 | containerd: label injection enables host RCE via CRI plugin | -- | Jun 19, 2026 |
| HIGH | CVE-2026-53489 | containerd: symlink follow leaks host files via kubectl logs | -- | Jun 19, 2026 |
| LOW | GHSA-m3q2-p4fw-w38m | Nuxt: NoScript XSS enables script execution in head | -- | Jun 16, 2026 |
| MEDIUM | GHSA-c9cv-mq2m-ppp3 | Nuxt: open redirect + XSS in navigation API (SSR+client) | -- | Jun 16, 2026 |
| HIGH | CVE-2026-53721 | Nuxt: auth bypass via URL case-sensitivity mismatch | -- | Jun 16, 2026 |
| MEDIUM | GHSA-534h-c3cw-v3h9 | Nuxt: local unauth IPC leaks .env secrets on shared hosts | 5.5 | Jun 16, 2026 |
| MEDIUM | CVE-2026-47345 | typo3/html-sanitizer: XSS bypass via namespace encoding | -- | Jun 12, 2026 |
| HIGH | CVE-2026-47732 | twig/twig: sandbox bypass leaks render context | -- | Jun 5, 2026 |
| MEDIUM | CVE-2026-8462 | OpenMeter: SQL injection leaks all-tenant metering data | -- | Jun 4, 2026 |
| HIGH | CVE-2026-45370 | utcp-cli: env leak exfiltrates all agent process secrets | 7.7 | May 14, 2026 |
| CRITICAL | CVE-2026-42074 | openclaude: sandbox bypass allows host-level RCE | -- | May 12, 2026 |
| MEDIUM | CVE-2026-34452 | Anthropic SDK: TOCTOU symlink escape in async memory tool | -- | Mar 31, 2026 |
| MEDIUM | CVE-2026-34450 | anthropic-sdk: insecure file perms expose agent memory | -- | Mar 31, 2026 |
| HIGH | CVE-2026-21852 | claude_code: Weak Credentials allow account compromise | 7.5 | Jan 21, 2026 |

Frequently asked questions

What is Anthropic Python?

Anthropic Python is an AI/ML package in the LLM APIs category, tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does Anthropic Python have?

Anthropic Python has 19 known CVEs, 1 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is Anthropic Python distributed in?

Anthropic Python is distributed via the pip ecosystem and categorized under LLM APIs.

Where does the Anthropic Python vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of Anthropic Python?

Review each CVE listed on this page. Every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.
