Showcases and CVEs
A curated dataset of confirmed vulnerable Python packages with proof-of-concept exploits. This page combines the assigned CVEs and the end-to-end exploitation walkthroughs. The full list of 78 confirmed cases lives on the Catalog page.
Assigned CVEs
The CVE table lists every advisory issued for class pollution, both from this work and from prior research. The Consequences column gives the impacts demonstrated in the corresponding walkthrough, and Status records whether the maintainers have shipped a fix (Fixed) or the issue has so far only been reported to them (Reported).
| CVE | Application | Consequences | Found by | Status |
|---|---|---|---|---|
| CVE-2025-24370 | django-unicorn | DoS, XSS, Auth Bypass, RCE | Pyrl | Fixed |
| CVE-2025-24049 | Azure CLI | Token Leakage, OS Command Injection | Pyrl | Fixed |
| CVE-2025-30374 | Taipy | DoS, XSS, RCE, Token Leakage | Pyrl | Fixed |
| CVE-2025-30358 | Google Mesop | DoS, Remote Execution | Pyrl | Fixed |
| CVE-2025-6107 | ComfyUI | DoS | Pyrl | Fixed |
| CVE-2025-5150 | docarray | DoS | Pyrl | Reported |
| CVE-2025-3982 | sverchok | Token Leakage | Pyrl | Reported |
| CVE-2024-5452 | deepdiff (prior work) | DoS | diogotcorreia | Fixed |
End-to-end exploitation walkthroughs
Each walkthrough below covers the full exploitation chain: the vulnerable reflective setter, the pollution payload that reaches it, the trigger that makes the polluted attribute matter, and the resulting consequence.
- Azure CLI - Token Leakage and OS Command Injection through `set_properties`.
- ComfyUI - DoS through reflective attribute setting.
- django-unicorn - DoS, XSS, Auth Bypass, and RCE through a single WebSocket message.
- Mesop - DoS and Remote Execution through reflective dataclass update.
- ragflow - Class pollution via reflective attribute setting.
- Taipy - DoS, XSS, RCE, and Token Leakage through `_attrsetter`.
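To make the pattern shared by these walkthroughs concrete, here is an added example that is not code from any of the projects above or from the walkthroughs themselves. It shows a hypothetical reflective merge of the kind the walkthroughs describe, two payloads that walk `__class__` and `__init__.__globals__` through it, and a hardened variant that refuses such keys. All names (`User`, `ALLOWED_COMMANDS`, `merge_vulnerable`, `merge_hardened`, the demo functions) are invented for illustration.

```python
"""Added illustration of Python class pollution through a reflective merge.
Hypothetical code: not taken from any project listed on this page. Every
name here is invented for the demo."""

# Constructed module-level setting that a command runner might consult.
ALLOWED_COMMANDS = ["ls"]


class User:
    """Constructed target. is_admin is a class attribute, so setting it on
    the class changes the default that every instance inherits."""

    is_admin = False

    def __init__(self, name):
        self.name = name


def merge_vulnerable(src, dst):
    """Reflective merge: for each key it either indexes (dicts) or walks
    attributes (objects), recursing into whatever the key names. Nothing
    stops keys such as __class__ or __globals__ from being followed."""
    for key, value in src.items():
        if isinstance(dst, dict):
            if key in dst and isinstance(value, dict):
                merge_vulnerable(value, dst[key])
            else:
                dst[key] = value
        elif hasattr(dst, key) and isinstance(value, dict):
            merge_vulnerable(value, getattr(dst, key))
        else:
            setattr(dst, key, value)


def merge_hardened(src, dst, allowed):
    """Hardened variant: a flat allow-list of public attribute names, no
    underscore-prefixed names, and no recursion into nested objects."""
    for key, value in src.items():
        if not isinstance(key, str) or key.startswith("_") or key not in allowed:
            raise ValueError(f"refusing to set {key!r}")
        if isinstance(value, dict):
            raise ValueError(f"nested update not allowed for {key!r}")
        setattr(dst, key, value)


def pollute_class_attribute():
    """Auth-bypass shape: the payload climbs to the class via __class__ and
    sets is_admin there, so an unrelated fresh instance becomes admin."""
    victim = User("alice")
    payload = {"__class__": {"is_admin": True}}
    merge_vulnerable(payload, victim)
    other = User("bob")
    result = other.is_admin
    User.is_admin = False  # restore so the demo is repeatable
    return result


def pollute_module_global():
    """Global-rewrite shape: __class__ -> __init__ -> __globals__ reaches the
    module dictionary, and the final key overwrites a module-level setting."""
    global ALLOWED_COMMANDS
    victim = User("alice")
    payload = {
        "__class__": {"__init__": {"__globals__": {"ALLOWED_COMMANDS": ["ls", "id"]}}}
    }
    merge_vulnerable(payload, victim)
    polluted = list(ALLOWED_COMMANDS)  # the merge rebound the module global
    ALLOWED_COMMANDS = ["ls"]  # restore so the demo is repeatable
    return polluted


def hardened_rejects():
    """The hardened merge refuses the dunder key before touching anything."""
    victim = User("alice")
    try:
        merge_hardened({"__class__": {"is_admin": True}}, victim, allowed={"name"})
    except ValueError:
        return victim.is_admin is False and User.is_admin is False
    return False


def hardened_allows_public_field():
    """Allow-listed public fields still update normally."""
    victim = User("alice")
    merge_hardened({"name": "carol"}, victim, allowed={"name"})
    return victim.name


if __name__ == "__main__":
    print("fresh instance is admin after pollution:", pollute_class_attribute())
    print("ALLOWED_COMMANDS after pollution:", pollute_module_global())
    print("hardened merge rejected dunder key:", hardened_rejects())
    print("hardened merge applied allowed field:", hardened_allows_public_field())
```

The two payloads correspond to the two consequence families in the table: polluting a class attribute changes behaviour for every instance (the auth-bypass and DoS cases), while reaching `__globals__` rewrites module state that later code trusts (the token-leakage and command-injection cases). The fix is the same in both: never let a caller choose which attribute chain a reflective setter follows.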