PraisonAI vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-41497 | Critical | praisonai: PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection |
| CVE-2026-40289 | Critical | praisonaiagents: PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension… |
| CVE-2026-40288 | Critical | praisonaiagents: PraisonAI has critical RCE via `type: job` workflow YAML |
| CVE-2026-40287 | High | praisonaiagents: PraisonAI Vulnerable to RCE via Automatic tools.py Import |
| CVE-2026-40315 | Medium | PraisonAI: PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries |
| CVE-2026-40114 | High | PraisonAI: PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API |
| CVE-2026-40159 | Medium | PraisonAI: PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess… |
| CVE-2026-40157 | Critical | PraisonAI: PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack` |
| CVE-2026-40156 | High | praisonai: PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading |
| CVE-2026-40148 | Medium | PraisonAI: PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits |
| CVE-2026-40154 | Critical | PraisonAI: PraisonAI Vulnerable Untrusted Remote Template Code Execution |
| GHSA-QWGJ-RRPJ-75XM | High | PraisonAI: PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator Configuration,… |
| CVE-2026-40158 | High | PraisonAI: PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure |
| CVE-2026-40151 | Medium | PraisonAI: PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS |
| CVE-2026-40149 | High | PraisonAI: PraisonAI: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls |
| CVE-2026-40115 | Medium | PraisonAI: PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory… |
| CVE-2026-40116 | High | PraisonAI: PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate… |
| CVE-2026-40113 | High | PraisonAI: PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized… |
| CVE-2026-40112 | Medium | PraisonAI: PraisonAI Vulnerable to Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a… |
| CVE-2026-40088 | Critical | PraisonAI: PraisonAI Vulnerable to OS Command Injection |
| CVE-2026-39891 | High | praisonai: PraisonAI has Template Injection in Agent Tool Definitions |
| CVE-2026-39889 | High | praisonai: PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server |
| CVE-2026-39890 | Critical | praisonai: PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading |
| CVE-2026-35615 | Critical | PraisonAI: PraisonAI Has Path Traversal in FileTools |
| CVE-2026-39308 | High | PraisonAI: PraisonAI recipe registry publish path traversal allows out-of-root file write |
