Security: MervinPraison/PraisonAI
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Server-Side Request Forgery (SSRF) in SearxNG / search_web tools via attacker-controlled searxng_url parameterGHSA-4pcv-mg8v-vrgf published
Jun 17, 2026 by MervinPraisonHigh -
A2U Incomplete Authentication Fix Leaves `praisonai serve` Unauthenticated by DefaultGHSA-jxcw-qp4h-6jfq published
Jun 17, 2026 by MervinPraisonHigh -
DiscordApproval Accepts Unrelated Channel Messages as Dangerous-Tool ApprovalsGHSA-8579-rgg5-ph2m published
Jun 17, 2026 by MervinPraisonHigh -
Dynamic Context History and Terminal Tools Read Files Outside Configured Storage via Path TraversalGHSA-22cj-m4wf-fv2c published
Jun 17, 2026 by MervinPraisonHigh -
Dynamic-Context Artifact Tools Read Arbitrary Host Files Outside Artifact StorageGHSA-j7qx-p75m-wp7g published
Jun 17, 2026 by MervinPraisonHigh -
npm Package: MCPSecurity Basic/OAuth Policies Accept Invalid CredentialsGHSA-4qq2-2j2x-x62c published
Jun 17, 2026 by MervinPraisonHigh -
npm Package: safe-command Wrapper Allowlist Bypass via Shell ChainingGHSA-5jv7-2mjm-h6qj published
Jun 17, 2026 by MervinPraisonHigh -
npm Package: SandboxExecutor Network Isolation Bypass for Non-Proxy-Aware ClientsGHSA-gqmf-56h7-rrpf published
Jun 17, 2026 by MervinPraisonHigh -
npm Package: SandboxExecutor allowedCommands Bypass via Shell ChainingGHSA-vjv9-7m7j-h833 published
Jun 17, 2026 by MervinPraisonHigh -
npm Package: AgentLoop onToolCall Approval Runs After Tool ExecutionGHSA-h2w2-v7j6-xqm4 published
Jun 17, 2026 by MervinPraisonHigh