Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| GHSA-f38v-77qj-h4jq |
|
Authentication Bypass in praisonai-platform (GHSA-f38v-77qj-h4jq)
authentication bypass in praisonai-platform (GHSA-f38v-77qj-h4jq). Risk of unauthorized operations or information disclosure. Exploitable via `GET /{workspace_id}/members`. Mitigation: upgrade to `0.1.6` or later.
|
| GHSA-29w3-p9w9-wc47 |
|
Path Traversal in praisonai (GHSA-29w3-p9w9-wc47)
path traversal in praisonai (GHSA-29w3-p9w9-wc47). Risk of unauthorized operations or information disclosure. Exploitable via ``multiedit``. Mitigation: upgrade to `4.6.61` or later.
|
| GHSA-jxcw-qp4h-6jfq |
|
Information Disclosure in praisonai (GHSA-jxcw-qp4h-6jfq)
vulnerability in praisonai (GHSA-jxcw-qp4h-6jfq). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `4.6.61` or later.
|
| GHSA-7qw2-w5rc-37x2 |
|
OS Command Injection in praisonai (GHSA-7qw2-w5rc-37x2)
OS command injection in praisonai (GHSA-7qw2-w5rc-37x2). Risk of unauthorized operations or information disclosure. Exploitable via ``TEMPLATE.yaml``. Mitigation: upgrade to `4.6.61` or later.
|
| GHSA-5jv7-2mjm-h6qj |
|
OS Command Injection in praisonai (GHSA-5jv7-2mjm-h6qj)
OS command injection in praisonai (GHSA-5jv7-2mjm-h6qj). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
|
| GHSA-h2w2-v7j6-xqm4 |
|
Vulnerability in praisonai (GHSA-h2w2-v7j6-xqm4)
vulnerability in praisonai (GHSA-h2w2-v7j6-xqm4). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
|
| GHSA-j4f3-55x4-r6q2 |
|
Vulnerability in praisonai (GHSA-j4f3-55x4-r6q2)
vulnerability in praisonai (GHSA-j4f3-55x4-r6q2). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
|
| GHSA-9752-mhqh-h34f |
|
Vulnerability in praisonai (GHSA-9752-mhqh-h34f)
vulnerability in praisonai (GHSA-9752-mhqh-h34f). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/agents`. Mitigation: upgrade to `1.7.2` or later.
|
| GHSA-p69m-4f92-2v84 |
|
Code Injection in praisonai (GHSA-p69m-4f92-2v84)
code injection in praisonai (GHSA-p69m-4f92-2v84). Risk of unauthorized operations or information disclosure. Exploitable via ``codeMode``. Mitigation: upgrade to `1.7.2` or later.
|
| GHSA-vjv9-7m7j-h833 |
|
OS Command Injection in praisonai (GHSA-vjv9-7m7j-h833)
OS command injection in praisonai (GHSA-vjv9-7m7j-h833). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
|
| GHSA-vmmj-pfw7-fjwp |
|
Vulnerability in praisonai (GHSA-vmmj-pfw7-fjwp)
vulnerability in praisonai (GHSA-vmmj-pfw7-fjwp). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
|
| GHSA-gqmf-56h7-rrpf |
|
Vulnerability in praisonai (GHSA-gqmf-56h7-rrpf)
vulnerability in praisonai (GHSA-gqmf-56h7-rrpf). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
|
| GHSA-4qq2-2j2x-x62c |
|
Authentication Bypass in praisonai (GHSA-4qq2-2j2x-x62c)
authentication bypass in praisonai (GHSA-4qq2-2j2x-x62c). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.7.2` or later.
|
| GHSA-c969-5x3p-vq3v |
|
Vulnerability in praisonaiagents (GHSA-c969-5x3p-vq3v)
vulnerability in praisonaiagents (GHSA-c969-5x3p-vq3v). Risk of unauthorized operations or information disclosure. Exploitable via ``search_emails``. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-f44v-7qgw-9gh9 |
|
Path Traversal in praisonai (GHSA-f44v-7qgw-9gh9)
path traversal in praisonai (GHSA-f44v-7qgw-9gh9). Risk of unauthorized operations or information disclosure. Exploitable via ``GITHUB_PATTERN``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-4jgr-pg2m-m988 |
|
Vulnerability in github.com/dadrus/heimdall (GHSA-4jgr-pg2m-m988)
vulnerability in github.com/dadrus/heimdall (GHSA-4jgr-pg2m-m988). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `0.17.17` or later.
|
| GHSA-38x9-25wx-7fg2 |
|
Vulnerability in https://github.com/dadrus/heimdall (GHSA-38x9-25wx-7fg2)
vulnerability in https://github.com/dadrus/heimdall (GHSA-38x9-25wx-7fg2). Risk of unauthorized operations or information disclosure. Exploitable via ``trusted_proxies``. Mitigation: upgrade to `0.17.17` or later.
|
| CVE-2026-50141 |
|
Vulnerability in CVE-2026-50141 (CVE-2026-50141)
vulnerability in CVE-2026-50141 (CVE-2026-50141). Risk of unauthorized operations or information disclosure. Exploitable via ``agent_id``.
|
| CVE-2026-11958 |
|
Vulnerability in c (CVE-2026-11958)
vulnerability in c (CVE-2026-11958). Risk of unauthorized operations or information disclosure.
|
| GHSA-gcq3-mfvh-3x25 |
|
Path Traversal in praisonai (GHSA-gcq3-mfvh-3x25)
path traversal in praisonai (GHSA-gcq3-mfvh-3x25). Risk of unauthorized operations or information disclosure. Exploitable via ``CODE_TOOLS``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-p75f-6fp4-p57w |
|
OS Command Injection in praisonai (GHSA-p75f-6fp4-p57w)
OS command injection in praisonai (GHSA-p75f-6fp4-p57w). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/mcp/connect`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-x92v-rpx6-p6cw |
|
Vulnerability in praisonai (GHSA-x92v-rpx6-p6cw)
vulnerability in praisonai (GHSA-x92v-rpx6-p6cw). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-rh39-9c67-59mh |
|
Vulnerability in praisonai-platform (GHSA-rh39-9c67-59mh)
vulnerability in praisonai-platform (GHSA-rh39-9c67-59mh). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /api/v1/workspaces/{workspace_id}/projects/{project_id}`. Mitigation: upgrade to `0.1.6` or later.
|
| GHSA-892r-p3jq-jp24 |
|
Information Disclosure in praisonai (GHSA-892r-p3jq-jp24)
vulnerability in praisonai (GHSA-892r-p3jq-jp24). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/agents`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-x8cv-xmq7-p8xp |
|
Vulnerability in praisonaiagents (GHSA-x8cv-xmq7-p8xp)
vulnerability in praisonaiagents (GHSA-x8cv-xmq7-p8xp). Risk of unauthorized operations or information disclosure. Exploitable via `GET /{path}/list`. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-rjvw-7vvw-549v |
|
Vulnerability in praisonai (GHSA-rjvw-7vvw-549v)
vulnerability in praisonai (GHSA-rjvw-7vvw-549v). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/runs`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-fq2m-6wqh-x44g |
|
Code Injection in praisonai (GHSA-fq2m-6wqh-x44g)
code injection in praisonai (GHSA-fq2m-6wqh-x44g). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/runs`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-2rcg-mm5h-xchx |
|
Path Traversal in praisonaiagents (GHSA-2rcg-mm5h-xchx)
path traversal in praisonaiagents (GHSA-2rcg-mm5h-xchx). Risk of unauthorized operations or information disclosure. Exploitable via ``workspace_path``. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-j4hj-7hfh-g2f4 |
|
Vulnerability in praisonai (GHSA-j4hj-7hfh-g2f4)
vulnerability in praisonai (GHSA-j4hj-7hfh-g2f4). Risk of unauthorized operations or information disclosure. Exploitable via `X-API-Key header`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-vxgj-xg5c-p4h7 |
|
SSRF (Server-Side Request Forgery) in praisonaiagents (GHSA-vxgj-xg5c-p4h7)
SSRF in praisonaiagents (GHSA-vxgj-xg5c-p4h7). Risk of unauthorized operations or information disclosure. Exploitable via ``SpiderTools._validate_url``. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-4869-x4pr-q22x |
|
Vulnerability in praisonai (GHSA-4869-x4pr-q22x)
vulnerability in praisonai (GHSA-4869-x4pr-q22x). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/runs`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-p4pj-vh7h-6cqh |
|
Path Traversal in praisonai (GHSA-p4pj-vh7h-6cqh)
path traversal in praisonai (GHSA-p4pj-vh7h-6cqh). Risk of unauthorized operations or information disclosure. Exploitable via ``agent_file``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-x227-pf99-vffg |
|
Vulnerability in praisonaiagents (GHSA-x227-pf99-vffg)
vulnerability in praisonaiagents (GHSA-x227-pf99-vffg). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-pv2j-rghr-v5r9 |
|
Vulnerability in praisonaiagents (GHSA-pv2j-rghr-v5r9)
vulnerability in praisonaiagents (GHSA-pv2j-rghr-v5r9). Risk of unauthorized operations or information disclosure. Exploitable via ``execute_code``. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-6h9p-93hq-q7h6 |
|
SSRF (Server-Side Request Forgery) in praisonaiagents (GHSA-6h9p-93hq-q7h6)
SSRF in praisonaiagents (GHSA-6h9p-93hq-q7h6). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-w6h2-fr4q-xvxv |
|
OS Command Injection in praisonai (GHSA-w6h2-fr4q-xvxv)
OS command injection in praisonai (GHSA-w6h2-fr4q-xvxv). Risk of unauthorized operations or information disclosure. Exploitable via ``LocalManagedAgent``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-v847-hxxw-3pxg |
|
OS Command Injection in praisonai (GHSA-v847-hxxw-3pxg)
OS command injection in praisonai (GHSA-v847-hxxw-3pxg). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/recipes/stream`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-63v4-w882-g4x2 |
|
Cross-Site Scripting (XSS) in praisonai (GHSA-63v4-w882-g4x2)
cross-site scripting in praisonai (GHSA-63v4-w882-g4x2). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai.bots.HTTPApproval``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-fc26-m9pf-v56q |
|
Authentication Bypass in praisonai (GHSA-fc26-m9pf-v56q)
authentication bypass in praisonai (GHSA-fc26-m9pf-v56q). Risk of unauthorized operations or information disclosure. Exploitable via ``LINEAR_WEBHOOK_SECRET``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-j7qx-p75m-wp7g |
|
Path Traversal in praisonai (GHSA-j7qx-p75m-wp7g)
path traversal in praisonai (GHSA-j7qx-p75m-wp7g). Risk of unauthorized operations or information disclosure. Exploitable via ``artifact_tail``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-qvpf-j64c-jmhr |
|
Vulnerability in praisonai (GHSA-qvpf-j64c-jmhr)
vulnerability in praisonai (GHSA-qvpf-j64c-jmhr). Risk of unauthorized operations or information disclosure. Exploitable via ``app_mention``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-5qw8-f2g9-ff29 |
|
Authentication Bypass in praisonai (GHSA-5qw8-f2g9-ff29)
authentication bypass in praisonai (GHSA-5qw8-f2g9-ff29). Risk of unauthorized operations or information disclosure. Exploitable via `GET /v1/recipes`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-vmf9-xx9w-86wx |
|
Vulnerability in praisonaiagents (GHSA-vmf9-xx9w-86wx)
vulnerability in praisonaiagents (GHSA-vmf9-xx9w-86wx). Risk of unauthorized operations or information disclosure. Exploitable via ``mcp.server.sse.SseServerTransport``. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-22cj-m4wf-fv2c |
|
Path Traversal in praisonai (GHSA-22cj-m4wf-fv2c)
path traversal in praisonai (GHSA-22cj-m4wf-fv2c). Risk of unauthorized operations or information disclosure. Exploitable via ``history_search``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-8579-rgg5-ph2m |
|
Vulnerability in praisonai (GHSA-8579-rgg5-ph2m)
vulnerability in praisonai (GHSA-8579-rgg5-ph2m). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai.bots.DiscordApproval``. Mitigation: upgrade to `4.6.59` or later.
|
| CVE-2026-55669 |
|
Vulnerability in github.com/zitadel/zitadel (CVE-2026-55669)
vulnerability in github.com/zitadel/zitadel (CVE-2026-55669). Risk of unauthorized operations or information disclosure. Exploitable via ``iss``. Mitigation: upgrade to `1.80.0-v2.20.0.20260615132747-d184e976fc79` or later.
|
| GHSA-wxg7-w2v3-w38g |
|
Vulnerability in github.com/zitadel/zitadel (GHSA-wxg7-w2v3-w38g)
vulnerability in github.com/zitadel/zitadel (GHSA-wxg7-w2v3-w38g). Risk of unauthorized operations or information disclosure. Exploitable via ``exp``. Mitigation: upgrade to `1.80.0-v2.20.0.20260615122908-fad02c6d9f45` or later.
|
| CVE-2026-55672 |
|
Authentication Bypass in github.com/zitadel/zitadel (CVE-2026-55672)
authentication bypass in github.com/zitadel/zitadel (CVE-2026-55672). Confidential information can be exposed externally. Exploitable via ``CodeExchange``. Mitigation: upgrade to `1.80.0-v2.20.0.20260616131956-0973b074b488` or later.
|
| GHSA-35w5-pcw4-jx94 |
|
Vulnerability in praisonaiagents (GHSA-35w5-pcw4-jx94)
vulnerability in praisonaiagents (GHSA-35w5-pcw4-jx94). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerConfig``. Mitigation: upgrade to `1.6.59` or later.
|
| CVE-2026-55670 |
|
Vulnerability in github.com/zitadel/zitadel (CVE-2026-55670)
vulnerability in github.com/zitadel/zitadel (CVE-2026-55670). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.80.0-v2.20.0.20260615092437-6082e59d47c1` or later.
|