Browse all 3 CVE security advisories affecting agronholm. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Agronholm develops Python libraries, primarily for asynchronous programming and web frameworks. Historically, its vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation flaws and insecure deserialization. The project maintains a moderate security posture with three CVEs recorded, addressing issues like path traversal and improper access control. While no major incidents have been documented, the consistent focus on security updates suggests proactive vulnerability management. The library's widespread use in Python ecosystems necessitates ongoing scrutiny of its security practices, particularly given the potential impact of flaws in core asynchronous functionality.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26209 | cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads — cbor2CWE-674 | 7.5 | - | 2026-03-23 |
| CVE-2025-68131 | CBORDecoder reuse can leak shareable values across decode calls — cbor2CWE-212 | 7.5 | - | 2025-12-31 |
| CVE-2024-26134 | CBOR2 decoder has potential buffer overflow — cbor2CWE-120 | 7.5 | High | 2024-02-19 |
This page lists every published CVE security advisory associated with agronholm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.