Security: MervinPraison/PraisonAI
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
HTTPApproval Dashboard XSS Can Approve Dangerous ToolsGHSA-63v4-w882-g4x2 published
Jun 17, 2026 by MervinPraisonHigh -
GitHub Template Cache Path Traversal Allows Outside-Cache File Write and Directory DeletionGHSA-f44v-7qgw-9gh9 published
Jun 17, 2026 by MervinPraisonHigh -
Code Agent Tools Fail Open Without a Workspace BoundaryGHSA-gcq3-mfvh-3x25 published
Jun 17, 2026 by MervinPraisonHigh -
AgentOS Remains Unauthenticated After GHSA-pm96 and Allows Remote Agent InvocationGHSA-892r-p3jq-jp24 published
Jun 17, 2026 by MervinPraisonCritical -
Compute-Bridged File Tools Allow Shell Command InjectionGHSA-w6h2-fr4q-xvxv published
Jun 17, 2026 by MervinPraisonHigh -
Jobs Webhook SSRF Protection Bypass via DNS RebindingGHSA-rjvw-7vvw-549v published
Jun 17, 2026 by MervinPraisonHigh -
SpiderTools Redirect-Target SSRF Protection BypassGHSA-6h9p-93hq-q7h6 published
Jun 17, 2026 by MervinPraisonModerate -
AgentTeam.launch Exposes Unauthenticated Remote Agent Listing and Invocation EndpointsGHSA-x8cv-xmq7-p8xp published
Jun 17, 2026 by MervinPraisonCritical -
Workflow Include Bypasses tools.py Autoload Opt-In and Executes Included Recipe CodeGHSA-hxmv-c4g6-5fqc published
Jun 13, 2026 by MervinPraisonHigh -
web_crawl SSRF Protection Bypass via Unchecked Redirect TargetsGHSA-8hjw-25cg-g52h published
Jun 13, 2026 by MervinPraisonHigh