huggingface / smolagents
Project repository
🤗 smolagents: a barebones library for agents that think in python code.
FIRST INTERACTION: WITHIN 37 DAYS
REVIEW: WITHIN 37 DAYS
FIX: WITHIN N/A DAYS
Remote Code Execution via PythonInterpreterTool in HuggingFace SmolAgents • Jun 23rd 2025 • scodesain • not applicable
LLM06: Insecure Code Execution • Jun 23rd 2025 • hackwithaj • spam
Hugging Face API Key Exposure with Elevated Permissions • Jun 23rd 2025 • vadivelr18 • not applicable
Improper Input Validation Allows Arbitrary Code Execution via --imports in smola... • May 7th 2025 • surajtekale • not applicable
Prompt Injection Enables Reflexive RCE via PythonInterpreterTool • Jun 23rd 2025 • darkeeeandme • not applicable
Remote Code Execution via Insecure Authorized Imports in CodeAgent • Jun 23rd 2025 • h-h-e • spam
Arbitrary Code Execution and Sensitive Data Exfiltration via load_tool Trust Rem... • May 15th 2025 • dickytrianza • spam
ReDos in _parse_google_format_docstring • Jun 17th 2025 • lonelyuan • informative • Medium
Remote code execution caused by prompt injection • May 20th 2025 • tuantv89 • self closed
Remote Code Execution in SmolAgents v1.14.0 via Unsafe pickle.loads() on Untrust... • Jun 10th 2025 • michaelpierre • informative • Critical
Uncaught exception in sandbox can lead to DOS • May 23rd 2025 • tasosy2k • informative • High
Unrestricted Jinja2 Template Rendering in populate_template Allows Remote Code E... • May 23rd 2025 • taiphung217 • informative • Critical
Sandbox Escapes found in LocalPythonExecutor affecting version 1.13.0 • May 23rd 2025 • jackfromeast • informative • Critical
System Prompt Leakage • May 23rd 2025 • rook1337 • not applicable
CRITICAL: $500
HIGH: $250
MEDIUM: $41.666666666666664
LOW: $6.666666666666667