praisonai vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-6JCQ-6546-QRRWHighpraisonai: PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is…GHSA-8CCJ-P46R-JWQQHighpraisonai: PraisonAI: PRAISONAI_CALL_AUTH=disabled environment variable unconditionally disables authenticationGHSA-29W3-P9W9-WC47Criticalpraisonai: PraisonAI: Arbitrary File Read/Write via `multiedit` Tool Without Path ValidationGHSA-JXCW-QP4H-6JFQHighpraisonai: PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by defaultGHSA-7QW2-W5RC-37X2Highpraisonai: PraisonAI recipe workflow policy can be bypassed by declaring and YAML-approving dangerous tools…GHSA-5JV7-2MJM-H6QJHighpraisonai: npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chainingGHSA-H2W2-V7J6-XQM4Highpraisonai: npm PraisonAI AgentLoop onToolCall approval runs after tool executionGHSA-J4F3-55X4-R6Q2Criticalpraisonai: npm PraisonAI MCPServer exposes unauthenticated HTTP tools/callGHSA-9752-MHQH-H34FCriticalpraisonai: npm PraisonAI AgentOS exposes unauthenticated agent listing and invocationGHSA-P69M-4F92-2V84Criticalpraisonai: PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` ToolGHSA-VJV9-7M7J-H833Highpraisonai: npm PraisonAI SandboxExecutor allowedCommands bypass via shell chainingGHSA-VMMJ-PFW7-FJWPCriticalpraisonai: npm PraisonAI codeMode sandbox escape via Function constructorGHSA-GQMF-56H7-RRPFHighpraisonai: npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clientsGHSA-4QQ2-2J2X-X62CHighpraisonai: npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without…GHSA-F44V-7QGW-9GH9Highpraisonai: PraisonAI GitHub template cache path traversal allows outside-cache file write and directory…GHSA-GCQ3-MFVH-3X25Highpraisonai: PraisonAI Code agent tools fail open without a workspace boundaryGHSA-P75F-6FP4-P57WCriticalpraisonai: PraisonAI: Missing Authentication for Critical Function and Improper Neutralization of Special…GHSA-X92V-RPX6-P6CWHighpraisonai: PraisonAI: Webhook signature verification skipped (fail-open) when secret unset, allowing forged…GHSA-892R-P3JQ-JP24Criticalpraisonai: PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent…GHSA-RJVW-7VVW-549VHighpraisonai: PraisonAI: Jobs webhook SSRF protection bypass via DNS rebindingGHSA-FQ2M-6WQH-X44GCriticalpraisonai: PraisonAI: Jobs API exposes agent-execution endpoints with no authentication GHSA-J4HJ-7HFH-G2F4Criticalpraisonai: praisonai: recipe serve auth middleware silently disables itself when no secret is setGHSA-4869-X4PR-Q22XCriticalpraisonai: PraisonAI: Unauthenticated RCE via Jobs API + Approval Bypass GHSA-P4PJ-VH7H-6CQHHighpraisonai: PraisonAI: Unauthenticated Local File Inclusion via agent_file path in PraisonAI Jobs APIGHSA-W6H2-FR4Q-XVXVHighpraisonai: PraisonAI: Compute-bridged file tools allow shell command injection

Stop the waste.
Protect your environment with Kodem.