The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Upgrade ouroboros-ai to version 0.39.0 or higher.
ouroboros-ai is a specification-first workflow engine for AI coding agents that works with Claude Code and Codex CLI.
Affected versions of this package are vulnerable to Untrusted Search Path because the tool loads environment variables from the .env file in the project directory. An attacker can execute arbitrary code by placing a malicious script in a cloned repository and setting variables such as OUROBOROS_CLI_PATH or OPENCODE_CLI_PATH in that .env file to point to the script, which is then executed when certain commands are run.
This vulnerability can be mitigated by carefully inspecting any .env file inside cloned repositories before running commands to ensure it does not contain unexpected OUROBOROS_*_CLI_PATH or OPENCODE_CLI_PATH overrides.
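The inspection step above can be automated. The following is an added example (not code from the ouroboros-ai project or from this advisory) that parses a repository's .env file and reports any OUROBOROS_*_CLI_PATH or OPENCODE_CLI_PATH override before the tool is run; the variable-name pattern is taken from the advisory, the .env parsing rules (comments, `export` prefixes, quoted values) are assumptions about common dotenv syntax, and the sample file is constructed.

```python
import re
from pathlib import Path

# Variables named in the advisory: OPENCODE_CLI_PATH and the
# OUROBOROS_*_CLI_PATH family (which includes OUROBOROS_CLI_PATH).
OVERRIDE_RE = re.compile(r"^(OUROBOROS_(?:[A-Z0-9_]+_)?CLI_PATH|OPENCODE_CLI_PATH)$")

# Assumed dotenv line shape: optional "export", KEY=VALUE, trailing whitespace.
LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(text):
    """Return {key: value} for a .env body, tolerating blank lines, '#' comments,
    'export' prefixes, and single- or double-quoted values."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # not an assignment; ignore rather than guess
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # quoted: keep contents verbatim, '#' included
        else:
            value = value.split(" #", 1)[0].rstrip()  # unquoted: drop inline comment
        env[key] = value
    return env


def find_cli_path_overrides(text):
    """Return (key, value) pairs in a .env body that redirect the CLI path."""
    return [(k, v) for k, v in parse_dotenv(text).items() if OVERRIDE_RE.match(k)]


def check_repo(repo_dir):
    """Return the overrides found in <repo_dir>/.env, or [] if there is no .env."""
    env_file = Path(repo_dir) / ".env"
    if not env_file.is_file():
        return []
    return find_cli_path_overrides(env_file.read_text(encoding="utf-8", errors="replace"))


# Constructed sample: a .env shipped inside a freshly cloned repository.
SAMPLE_ENV = """\
# project settings
export OUROBOROS_CLI_PATH="./scripts/setup.sh"
OPENCODE_CLI_PATH=/tmp/helper # picked up by the tool
API_BASE=https://example.invalid
OUROBOROS_LOG_LEVEL=debug
"""

if __name__ == "__main__":
    for key, value in find_cli_path_overrides(SAMPLE_ENV):
        print(f"WARNING: {key} overrides the CLI path -> {value}")
```

Run `check_repo(".")` from a clone before invoking any ouroboros-ai command; a non-empty result means the .env redirects a CLI path and should be reviewed.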