Security: MervinPraison/PraisonAI
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Implicit Execution of Arbitrary Code via Automatic `tools.py` LoadingGHSA-2g3w-cpc4-chr4 published
Apr 9, 2026 by MervinPraisonHigh -
Sensitive Environment Variable Exposure via Untrusted MCP Subprocess ExecutionGHSA-pj2r-f9mw-vrcq published
Apr 9, 2026 by MervinPraisonModerate -
SSRF via unvalidated URL in `web_crawl` httpx fallbackGHSA-qq9r-63f6-v542 published
Apr 9, 2026 by MervinPraisonHigh -
Arbitrary file write via path traversal in `praisonai recipe unpack`GHSA-99g3-w8gr-x37c published
Apr 9, 2026 by MervinPraisonCritical -
Sandbox escape via exception frame traversal in `execute_code` (subprocess mode)GHSA-qf73-2hrx-xprp published
Apr 7, 2026 by MervinPraisonCritical -
Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U ServerGHSA-f292-66h9-fpmf published
Apr 7, 2026 by MervinPraisonHigh -
Remote Code Execution via YAML Deserialization in Agent Definition LoadingGHSA-32vr-5gcf-3pw2 published
Apr 7, 2026 by MervinPraisonCritical -
Template Injection in Agent Tool DefinitionsGHSA-hwg5-x759-7wjg published
Apr 7, 2026 by MervinPraisonHigh -
Memory State Leakage and Path Traversal in MultiAgent Context HandlingGHSA-766v-q9x3-g744 published
Apr 7, 2026 by MervinPraisonModerate -
Path Traversal in FileToolsGHSA-693f-pf34-72c5 published
Apr 5, 2026 by MervinPraisonCritical