Security: MervinPraison/PraisonAI
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
PraisonAI workflow include bypasses tools.py autoload opt-in and executes included recipe codeGHSA-hxmv-c4g6-5fqc published
Jun 13, 2026 by MervinPraisonHigh -
`web_crawl` SSRF protection bypass via unchecked redirect targetsGHSA-8hjw-25cg-g52h published
Jun 13, 2026 by MervinPraisonHigh -
Unauthenticated unbounded session accumulation in the PraisonAI MCP HTTP server (memory exhaustion; session TTL never enforced)GHSA-wv94-5qcp-6m36 published
Jun 13, 2026 by MervinPraisonModerate -
Origin-validation bypass (startswith prefix match) enables unauthenticated cross-site request forgery against the PraisonAI MCP HTTP server, leading to persistent agent prompt injectionGHSA-pvph-5j39-v8qc published
Jun 13, 2026 by MervinPraisonHigh -
SSRF via redirect-following in praisonaiagents web_crawlGHSA-5r34-2g38-6569 published
Jun 13, 2026 by MervinPraisonHigh -
ast_grep_rewrite rewrites arbitrary files without the @require_approval gate enforced on every sibling mutation tool (CWE-862)GHSA-cfxv-8fw8-rwpv published
Jun 13, 2026 by MervinPraisonModerate -
Authentication fail-open in Recipe server allows unauthenticated access when API key or JWT auth is configured without a secretGHSA-gfq8-hmph-9gjv published
Jun 13, 2026 by MervinPraisonHigh -
Origin validation bypass in MCP HTTP Stream transport allows browser-mediated unauthenticated tool execution on local MCP serverGHSA-wj6g-v78p-6fx3 published
Jun 13, 2026 by MervinPraisonModerate -
SSRF in web_crawl tool via redirect-following and DNS rebinding (validate-then-fetch gap)GHSA-vg6p-v9vm-6fgj published
Jun 13, 2026 by MervinPraisonHigh -
Arbitrary file write via unsanitized `user_id` in `FileMemory.__init__()` — path traversal to any writable locationGHSA-gxmw-5f7x-6g22 published
Jun 13, 2026 by MervinPraisonHigh