pkg:PyPI/praisonai

50 CVEs in total: CRITICAL 16, HIGH 20, MEDIUM 9

All known vulnerabilities

  • CRITICAL 9.9 CVE-2026-47392 PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
    from 0, < 4.6.40
  • CRITICAL 9.8 CVE-2026-47391 PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
    from 0, < 4.6.40
  • CRITICAL 9.8 CVE-2026-47393 PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
    from 0, < 4.6.40
  • CRITICAL 9.8 CVE-2026-47396 PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
    from 0, < 4.6.40
  • CRITICAL 9.8 CVE-2026-41497 PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
    from 0, < 4.5.149
  • CRITICAL 9.8 CVE-2026-40288 PraisonAI has critical RCE via `type: job` workflow YAML
    from 0, < 4.5.139
  • CRITICAL 9.8 CVE-2026-39890 PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
    from 0, < 4.5.115
  • CRITICAL 9.8 CVE-2026-34934 PraisonAI Has Second-Order SQL Injection in `get_all_user_threads`
    from 0, < 4.5.90
  • CRITICAL 9.8 CVE-2026-34935 PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
    >= 4.5.15, < 4.5.69
  • CRITICAL 9.6 CVE-2026-44336 PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection
    from 0, < 4.6.34
  • CRITICAL 9.6 CVE-2026-40088 PraisonAI Vulnerable to OS Command Injection
    from 0, < 4.5.121
  • CRITICAL 9.3 CVE-2026-40154 PraisonAI Vulnerable Untrusted Remote Template Code Execution
    from 0, < 4.5.128
  • CRITICAL 9.1 CVE-2026-40289 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
    from 0, < 4.5.139
  • CRITICAL 9.1 CVE-2026-34953 PraisonAI Has Authentication Bypass via OAuthManager.validate_token()
    from 0, < 4.5.97
  • CRITICAL 9.1 CVE-2026-34952 PraisonAI Has Missing Authentication in WebSocket Gateway
    from 0, < 4.5.97
  • CRITICAL 9.0 CVE-2026-39305 PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator
    from 0, < 4.5.113
  • HIGH 8.8 CVE-2026-39891 PraisonAI has Template Injection in Agent Tool Definitions
    from 0, < 4.5.115
  • HIGH 8.8 CVE-2026-34955 PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox
    from 0, < 4.5.97
  • HIGH 8.6 CVE-2026-44339 PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
    from 0, < 4.6.37
  • HIGH 8.6 CVE-2026-40158 PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
    from 0, < 4.5.128
  • HIGH 8.4 CVE-2026-44334 PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
    >= 4.5.139, < 4.6.32
  • HIGH 8.4 CVE-2026-40287 PraisonAI Vulnerable to RCE via Automatic tools.py Import
    from 0, < 4.5.139
  • HIGH 8.4 CVE-2026-40113 PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
    from 0, < 4.5.128
  • HIGH 8.1 CVE-2026-47398 PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334
    from 0, < 4.6.40
  • HIGH 8.1 CVE-2026-41496 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
    from 0, < 4.5.149
  • HIGH 8.1 CVE-2026-39307 PraisonAI Has Arbitrary File Write (Zip Slip) in Templates Extraction
    from 0, < 4.5.113
  • HIGH 7.9 CVE-2026-40149 PraisonAI: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls
    from 0, < 4.5.128
  • HIGH 7.8 CVE-2026-40156 PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
    from 0, < 4.5.128
  • HIGH 7.7 CVE-2026-34936 PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback
    from 0, < 4.5.90
  • HIGH 7.5 CVE-2026-44340 PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
    from 0, < 4.6.37
  • HIGH 7.5 CVE-2026-40116 PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
    from 0, < 4.5.128
  • HIGH 7.5 CVE-2026-39889 PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server
    from 0, < 4.5.115
  • HIGH 7.3 CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
    >= 2.5.6, < 4.6.34
  • HIGH 7.3 CVE-2026-39306 PraisonAI recipe registry pull path traversal writes files outside the chosen output directory
    from 0, < 4.5.113
  • HIGH 7.2 CVE-2026-40114 PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
    from 0, < 4.5.128
  • HIGH 7.1 CVE-2026-39308 PraisonAI recipe registry publish path traversal allows out-of-root file write
    from 0, < 4.5.113
  • MEDIUM 6.5 CVE-2026-40148 PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
    from 0, < 4.5.128
  • MEDIUM 6.5 CVE-2026-34939 PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()
    from 0, < 4.5.90
  • MEDIUM 6.3 CVE-2026-44337 PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
    >= 2.4.1, < 4.6.34
  • MEDIUM 6.2 CVE-2026-40115 PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS
    from 0, < 4.5.128
  • MEDIUM 5.5 CVE-2026-47395 PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
    from 0, < 4.6.40
  • MEDIUM 5.5 CVE-2026-47390 PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
    from 0, < 4.6.40
  • MEDIUM 5.5 CVE-2026-40159 PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution
    from 0, < 4.5.128
  • MEDIUM 5.4 CVE-2026-40112 PraisonAI Vulnerable to Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)
    from 0, < 4.5.128
  • MEDIUM 5.3 CVE-2026-40151 PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS
    from 0, < 4.5.128
  • CVE-2026-47397 PraisonAI has an Arbitrary File Write in Python API
    from 0, < 4.6.40
  • CVE-2026-47394 PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate
    from 0, < 4.6.40
  • CVE-2026-40315 PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries
    from 0, < 4.5.133
  • CVE-2026-40157 PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`
    >= 2.7.2, < 4.5.128
  • CVE-2026-35615 PraisonAI Has Path Traversal in FileTools
    from 0, < 1.5.113