package

npm / praisonai

pkg:npm/praisonai

HIGH 8.2 npm
GHSA-4qq2-2j2x-x62c

npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation

Modified: 6/18/2026

HIGH 8.8 npm
GHSA-5jv7-2mjm-h6qj

npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining

Modified: 6/18/2026

CRITICAL 9.4 npm
GHSA-9752-mhqh-h34f

npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation

Modified: 6/18/2026

HIGH 7.6 npm
GHSA-gqmf-56h7-rrpf

npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients

Modified: 6/18/2026

HIGH 8.8 npm
GHSA-h2w2-v7j6-xqm4

npm PraisonAI AgentLoop onToolCall approval runs after tool execution

Modified: 6/18/2026

CRITICAL 9.8 npm
GHSA-j4f3-55x4-r6q2

npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call

Modified: 6/18/2026

CRITICAL 9.8 npm
GHSA-p69m-4f92-2v84

PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool

Modified: 6/18/2026

HIGH 8.8 npm
GHSA-vjv9-7m7j-h833

npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining

Modified: 6/18/2026

CRITICAL 9.9 npm
GHSA-vmmj-pfw7-fjwp

npm PraisonAI codeMode sandbox escape via Function constructor

Modified: 6/18/2026