Security: MervinPraison/PraisonAI
No security policy detected
This project has not set up a SECURITY.md file yet.
Path Traversal in FileTools (GHSA-693f-pf34-72c5), published Apr 5, 2026 by MervinPraison. Severity: Critical
Arbitrary File Write (Zip Slip) in Templates Extraction (GHSA-4ph2-f6pf-79wv), published Apr 5, 2026 by MervinPraison. Severity: High
Arbitrary File Write / Path Traversal in Action Orchestrator (GHSA-jfxc-v5g9-38xr), published Apr 5, 2026 by MervinPraison. Severity: Critical
PraisonAI recipe registry pull path traversal writes files outside the chosen output directory (GHSA-4rx4-4r3x-6534), published Apr 5, 2026 by MervinPraison. Severity: High
PraisonAI recipe registry publish path traversal allows out-of-root file write (GHSA-r9x3-wx45-2v7f), published Apr 5, 2026 by MervinPraison. Severity: High
Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox -- PraisonAI (GHSA-r4f2-3m54-pp7q), published Mar 31, 2026 by MervinPraison. Severity: High
SSRF in FileTools.download_file() via Unvalidated URL -- PraisonAI (GHSA-44c2-3rw4-5gvh), published Mar 31, 2026 by MervinPraison. Severity: High
Missing Authentication in WebSocket Gateway -- PraisonAI (GHSA-cfh6-vr3j-qc3g), published Mar 31, 2026 by MervinPraison. Severity: Critical
Authentication Bypass in OAuthManager.validate_token() -- PraisonAI (GHSA-98f9-fqg5-hvq5), published Mar 31, 2026 by MervinPraison. Severity: Critical
Second-Order SQL Injection in `get_all_user_threads` -- PraisonAI (GHSA-9cq8-3v94-434g), published Mar 31, 2026 by MervinPraison. Severity: Critical