HIGH 8.6 PyPI
GHSA-44c2-3rw4-5gvh · CVE-2026-34954 PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL
Modified: 4/6/2026
package
PyPI / praisonaiagents
pkg:pypi/praisonaiagents
CRITICAL 9.9 PyPI
GHSA-4mr5-g6f9-cfrh · CVE-2026-47392 PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
Modified: 5/29/2026
MEDIUM 5.5 PyPI
GHSA-5c6w-wwfq-7qqm · CVE-2026-47390 PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
Modified: 5/29/2026
MEDIUM 5.5 PyPI
GHSA-5cxw-77wg-jrf3 · CVE-2026-47395 PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
Modified: 5/29/2026
CRITICAL 10.0 PyPI
GHSA-6vh2-h83c-9294 · CVE-2026-34938 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
Modified: 4/6/2026
MEDIUM 6.5 PyPI
GHSA-766v-q9x3-g744 PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling
Modified: 4/8/2026
MEDIUM 5.3 PyPI
GHSA-7j2f-xc8p-fjmq · CVE-2026-40152 PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary
Modified: 4/10/2026
HIGH 7.7 PyPI
GHSA-8f4v-xfm9-3244 · CVE-2026-40150 PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
Modified: 4/10/2026
CRITICAL 9.1 PyPI
GHSA-8x8f-54wf-vv92 · CVE-2026-40289 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
Modified: 4/14/2026
MEDIUM 5.5 PyPI
GHSA-ffp3-3562-8cv3 PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands
Modified: 4/10/2026
HIGH 8.4 PyPI
GHSA-g985-wjh9-qxxc · CVE-2026-40287 PraisonAI Vulnerable to RCE via Automatic tools.py Import
Modified: 4/14/2026
HIGH 8.6 PyPI
GHSA-gmjg-hv98-qggq · CVE-2026-44339 PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
Modified: 5/11/2026
MEDIUM 6.2 PyPI
GHSA-grrg-5cg9-58pf · CVE-2026-40117 PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate
Modified: 4/10/2026
CRITICAL 9.8 PyPI
GHSA-q9pw-vmhh-384g · CVE-2026-44335 PraisonAI has an SSRF bypass
Modified: 5/12/2026
CRITICAL 9.9 PyPI
GHSA-qf73-2hrx-xprp · CVE-2026-39888 PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)
Modified: 4/9/2026
HIGH PyPI
GHSA-qq9r-63f6-v542 · CVE-2026-40160 PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback
Modified: 4/10/2026
HIGH 8.1 PyPI
GHSA-rg3h-x3jw-7jm5 · CVE-2026-41496 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
Modified: 5/12/2026
CRITICAL PyPI
GHSA-v7px-3835-7gjx · CVE-2026-40111 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
Modified: 4/10/2026
HIGH 7.4 PyPI
GHSA-v8g7-9q6v-p3x8 · CVE-2026-40153 PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
Modified: 4/10/2026
CRITICAL 9.8 PyPI
GHSA-vc46-vw85-3wvm · CVE-2026-40288 PraisonAI has critical RCE via `type: job` workflow YAML
Modified: 4/14/2026
HIGH 7.8 PyPI
GHSA-w37c-qqfp-c67f · CVE-2026-34937 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
Modified: 4/6/2026
HIGH 8.1 PyPI
GHSA-x462-jjpc-q4q4 PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint
Modified: 4/10/2026