PraisonAI vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-V847-HXXW-3PXGHighpraisonai: PraisonAI recipe.run_stream skips dangerous-tool policy enforcementGHSA-63V4-W882-G4X2Highpraisonai: PraisonAI: HTTPApproval dashboard renders tool arguments as raw HTML, allowing approval-page XSS to…GHSA-FC26-M9PF-V56QHighpraisonai: PraisonAI LinearBot processes unsigned webhooks when LINEAR_WEBHOOK_SECRET is missingGHSA-J7QX-P75M-WP7GHighpraisonai: PraisonAI dynamic-context artifact tools read arbitrary host files outside artifact storageGHSA-QVPF-J64C-JMHRHighpraisonai: PraisonAI Slack app_mention bypasses configured user/channel authorizationGHSA-5QW8-F2G9-FF29Highpraisonai: PraisonAI recipe serve Typer command bypasses the non-localhost authentication guardGHSA-VMF9-XX9W-86WXHighpraisonaiagents: PraisonAI ToolsMCPServer legacy SSE transport accepts attacker Host/Origin and exposes registered…GHSA-22CJ-M4WF-FV2CHighpraisonai: PraisonAI Dynamic Context history and terminal tools read files outside configured storage via path…GHSA-8579-RGG5-PH2MHighpraisonai: PraisonAI DiscordApproval accepts unrelated channel messages as dangerous-tool approvalsCVE-2026-47397HighPraisonAI: PraisonAI has an Arbitrary File Write in Python APICVE-2026-47391CriticalPraisonAI: PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool executionCVE-2026-47394HighPraisonAI: PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show,…CVE-2026-47392Criticalpraisonaiagents: PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code`…CVE-2026-47395Mediumpraisonaiagents: PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into…CVE-2026-47393CriticalPraisonAI: PraisonAI `deploy --type api` emits a Flask server with authentication disabled by defaultCVE-2026-47396CriticalPraisonAI: PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when…CVE-2026-47390Mediumpraisonaiagents: PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodingsCVE-2026-47398HighPraisonAI: PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in…CVE-2026-44340HighPraisonAI: PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`CVE-2026-44339Highpraisonaiagents: PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__`…CVE-2026-44336CriticalPraisonAI: PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injectionCVE-2026-44337MediumPraisonAI: PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queriesCVE-2026-44338HighPraisonAI: PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing…CVE-2026-44334Highpraisonai: PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)CVE-2026-41496Highpraisonai: PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends…

Stop the waste.
Protect your environment with Kodem.