cognee@1.2.2.dev0

Cognee - is a library for enriching LLM context with a semantic layer for better understanding and reasoning.

  • latest version

    1.2.2.dev20260629

  • first published

    2 years ago

  • latest version published

    6 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the cognee package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Arbitrary Code Injection

    cognee is a Cognee - is a library for enriching LLM context with a semantic layer for better understanding and reasoning.

    Affected versions of this package are vulnerable to Arbitrary Code Injection in the notebook cell execution API endpoint due to the use of the unsafe exec function without sandboxing, validation, or security controls. An attacker can execute arbitrary code on the server by sending a specially crafted POST request containing malicious Python code to the execution endpoint, potentially leading to full system compromise.

    How to fix Arbitrary Code Injection?

    There is no fixed version for cognee.

    [0,)