Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-49276 Vulnerability in getkirby/cms (CVE-2026-49276)
vulnerability in getkirby/cms (CVE-2026-49276). Risk of unauthorized operations or information disclosure. Exploitable via ``writer``. Mitigation: upgrade to `5.4.4` or later.
CVE-2026-49274 Vulnerability in getkirby/cms (CVE-2026-49274)
vulnerability in getkirby/cms (CVE-2026-49274). Risk of unauthorized operations or information disclosure. Exploitable via ``pages``. Mitigation: upgrade to `5.4.4` or later.
CVE-2026-47256 Path Traversal in github.com/open-telemetry/opentelemetry-collector-contrib/exporter/sentryexporter (CVE-2026-47256)
path traversal in github.com/open-telemetry/opentelemetry-collector-contrib/exporter/sentryexporter (CVE-2026-47256). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.154.0` or later.
CVE-2026-44727 Cross-Site Scripting (XSS) in jupyter-server (CVE-2026-44727)
cross-site scripting in jupyter-server (CVE-2026-44727). Risk of unauthorized operations or information disclosure. Exploitable via ``nbconvert.HTMLExporter``. Mitigation: upgrade to `2.20.0` or later.
CVE-2026-12567 Vulnerability in bbot (CVE-2026-12567)
vulnerability in bbot (CVE-2026-12567). Risk of unauthorized operations or information disclosure. Exploitable via ``github_workflows``. Mitigation: upgrade to `2.8.5` or later.
CVE-2026-12568 Path Traversal in bbot (CVE-2026-12568)
path traversal in bbot (CVE-2026-12568). Data can be tampered with by attackers. Exploitable via ``postman_download``. Mitigation: upgrade to `2.8.6` or later.
CVE-2026-12566 SSRF (Server-Side Request Forgery) in bbot (CVE-2026-12566)
SSRF in bbot (CVE-2026-12566). Risk of unauthorized operations or information disclosure. Exploitable via ``docker_pull``. Mitigation: upgrade to `2.8.5` or later.
CVE-2026-12565 Path Traversal in bbot (CVE-2026-12565)
path traversal in bbot (CVE-2026-12565). Data can be tampered with by attackers. Exploitable via ``unarchive``. Mitigation: upgrade to `2.8.5` or later.
CVE-2026-55890 Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-55890)
cross-site scripting in getgrav/grav (CVE-2026-55890). Risk of unauthorized operations or information disclosure. Exploitable via ``style``. Mitigation: upgrade to `2.0.0-rc.9` or later.
GHSA-2fjj-qqg8-fg7x Vulnerability in praisonai-platform (GHSA-2fjj-qqg8-fg7x)
vulnerability in praisonai-platform (GHSA-2fjj-qqg8-fg7x). Risk of unauthorized operations or information disclosure. Exploitable via `GET /workspaces/W_A/projects/P_A/stats`. Mitigation: upgrade to `0.1.4` or later.
CVE-2026-55885 Vulnerability in getgrav/grav (CVE-2026-55885)
vulnerability in getgrav/grav (CVE-2026-55885). Confidential information can be exposed externally. Exploitable via ``root``. Mitigation: upgrade to `1.7.53` or later.
GHSA-j99q-93c9-h869 Vulnerability in @bitbonsai/mcpvault (GHSA-j99q-93c9-h869)
vulnerability in @bitbonsai/mcpvault (GHSA-j99q-93c9-h869). Risk of unauthorized operations or information disclosure. Exploitable via ``node_modules``. Mitigation: upgrade to `0.11.4` or later.
GHSA-jm82-fx9c-mx94 Vulnerability in pypdf (GHSA-jm82-fx9c-mx94)
vulnerability in pypdf (GHSA-jm82-fx9c-mx94). Risk of unauthorized operations or information disclosure. Exploitable via ``MAX_DECLARED_STREAM_LENGTH``. Mitigation: upgrade to `6.13.3` or later.
CVE-2026-55686 Vulnerability in github.com/containers/podman/v5 (CVE-2026-55686)
vulnerability in github.com/containers/podman/v5 (CVE-2026-55686). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.7.1` or later.
GHSA-p6gq-j5cr-w38f Vulnerability in nodemailer (GHSA-p6gq-j5cr-w38f)
vulnerability in nodemailer (GHSA-p6gq-j5cr-w38f). Risk of unauthorized operations or information disclosure. Exploitable via ``raw``. Mitigation: upgrade to `9.0.1` or later.
GHSA-cmwh-pvxp-8882 Cross-Site Scripting (XSS) in dompurify (GHSA-cmwh-pvxp-8882)
cross-site scripting in dompurify (GHSA-cmwh-pvxp-8882). Risk of unauthorized operations or information disclosure. Exploitable via ``uponSanitizeAttribute``. Mitigation: upgrade to `3.4.11` or later.
GHSA-cwj8-7gp2-ggcw Vulnerability in praisonai-platform (GHSA-cwj8-7gp2-ggcw)
vulnerability in praisonai-platform (GHSA-cwj8-7gp2-ggcw). Risk of unauthorized operations or information disclosure. Exploitable via ``PLATFORM_JWT_SECRET``. Mitigation: upgrade to `0.1.6` or later.
GHSA-6jcq-6546-qrrw Vulnerability in praisonai (GHSA-6jcq-6546-qrrw)
vulnerability in praisonai (GHSA-6jcq-6546-qrrw). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai.sandbox.SandlockSandbox``. Mitigation: upgrade to `4.6.61` or later.
GHSA-8ccj-p46r-jwqq Authentication Bypass in praisonai (GHSA-8ccj-p46r-jwqq)
authentication bypass in praisonai (GHSA-8ccj-p46r-jwqq). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/agents/any-agent/invoke`. Mitigation: upgrade to `4.6.61` or later.
GHSA-4pcv-mg8v-vrgf Vulnerability in praisonaiagents (GHSA-4pcv-mg8v-vrgf)
vulnerability in praisonaiagents (GHSA-4pcv-mg8v-vrgf). Risk of unauthorized operations or information disclosure. Exploitable via ``search_web``. Mitigation: upgrade to `1.6.61` or later.
GHSA-f38v-77qj-h4jq Authentication Bypass in praisonai-platform (GHSA-f38v-77qj-h4jq)
authentication bypass in praisonai-platform (GHSA-f38v-77qj-h4jq). Risk of unauthorized operations or information disclosure. Exploitable via `GET /{workspace_id}/members`. Mitigation: upgrade to `0.1.6` or later.
GHSA-29w3-p9w9-wc47 Path Traversal in praisonai (GHSA-29w3-p9w9-wc47)
path traversal in praisonai (GHSA-29w3-p9w9-wc47). Risk of unauthorized operations or information disclosure. Exploitable via ``multiedit``. Mitigation: upgrade to `4.6.61` or later.
GHSA-jxcw-qp4h-6jfq Information Disclosure in praisonai (GHSA-jxcw-qp4h-6jfq)
vulnerability in praisonai (GHSA-jxcw-qp4h-6jfq). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `4.6.61` or later.
GHSA-7qw2-w5rc-37x2 OS Command Injection in praisonai (GHSA-7qw2-w5rc-37x2)
OS command injection in praisonai (GHSA-7qw2-w5rc-37x2). Risk of unauthorized operations or information disclosure. Exploitable via ``TEMPLATE.yaml``. Mitigation: upgrade to `4.6.61` or later.
GHSA-5jv7-2mjm-h6qj OS Command Injection in praisonai (GHSA-5jv7-2mjm-h6qj)
OS command injection in praisonai (GHSA-5jv7-2mjm-h6qj). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
GHSA-h2w2-v7j6-xqm4 Vulnerability in praisonai (GHSA-h2w2-v7j6-xqm4)
vulnerability in praisonai (GHSA-h2w2-v7j6-xqm4). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
GHSA-j4f3-55x4-r6q2 Vulnerability in praisonai (GHSA-j4f3-55x4-r6q2)
vulnerability in praisonai (GHSA-j4f3-55x4-r6q2). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
GHSA-9752-mhqh-h34f Vulnerability in praisonai (GHSA-9752-mhqh-h34f)
vulnerability in praisonai (GHSA-9752-mhqh-h34f). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/agents`. Mitigation: upgrade to `1.7.2` or later.
GHSA-p69m-4f92-2v84 Code Injection in praisonai (GHSA-p69m-4f92-2v84)
code injection in praisonai (GHSA-p69m-4f92-2v84). Risk of unauthorized operations or information disclosure. Exploitable via ``codeMode``. Mitigation: upgrade to `1.7.2` or later.
GHSA-vjv9-7m7j-h833 OS Command Injection in praisonai (GHSA-vjv9-7m7j-h833)
OS command injection in praisonai (GHSA-vjv9-7m7j-h833). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
GHSA-vmmj-pfw7-fjwp Vulnerability in praisonai (GHSA-vmmj-pfw7-fjwp)
vulnerability in praisonai (GHSA-vmmj-pfw7-fjwp). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
GHSA-gqmf-56h7-rrpf Vulnerability in praisonai (GHSA-gqmf-56h7-rrpf)
vulnerability in praisonai (GHSA-gqmf-56h7-rrpf). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai``. Mitigation: upgrade to `1.7.2` or later.
GHSA-4qq2-2j2x-x62c Authentication Bypass in praisonai (GHSA-4qq2-2j2x-x62c)
authentication bypass in praisonai (GHSA-4qq2-2j2x-x62c). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.7.2` or later.
GHSA-c969-5x3p-vq3v Vulnerability in praisonaiagents (GHSA-c969-5x3p-vq3v)
vulnerability in praisonaiagents (GHSA-c969-5x3p-vq3v). Risk of unauthorized operations or information disclosure. Exploitable via ``search_emails``. Mitigation: upgrade to `1.6.59` or later.
GHSA-f44v-7qgw-9gh9 Path Traversal in praisonai (GHSA-f44v-7qgw-9gh9)
path traversal in praisonai (GHSA-f44v-7qgw-9gh9). Risk of unauthorized operations or information disclosure. Exploitable via ``GITHUB_PATTERN``. Mitigation: upgrade to `4.6.59` or later.
GHSA-4jgr-pg2m-m988 Vulnerability in github.com/dadrus/heimdall (GHSA-4jgr-pg2m-m988)
vulnerability in github.com/dadrus/heimdall (GHSA-4jgr-pg2m-m988). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `0.17.17` or later.
GHSA-38x9-25wx-7fg2 Vulnerability in https://github.com/dadrus/heimdall (GHSA-38x9-25wx-7fg2)
vulnerability in https://github.com/dadrus/heimdall (GHSA-38x9-25wx-7fg2). Risk of unauthorized operations or information disclosure. Exploitable via ``trusted_proxies``. Mitigation: upgrade to `0.17.17` or later.
CVE-2026-50141 Vulnerability in CVE-2026-50141 (CVE-2026-50141)
vulnerability in CVE-2026-50141 (CVE-2026-50141). Risk of unauthorized operations or information disclosure. Exploitable via ``agent_id``.
CVE-2026-11958 Vulnerability in c (CVE-2026-11958)
vulnerability in c (CVE-2026-11958). Risk of unauthorized operations or information disclosure.
GHSA-gcq3-mfvh-3x25 Path Traversal in praisonai (GHSA-gcq3-mfvh-3x25)
path traversal in praisonai (GHSA-gcq3-mfvh-3x25). Risk of unauthorized operations or information disclosure. Exploitable via ``CODE_TOOLS``. Mitigation: upgrade to `4.6.59` or later.
GHSA-p75f-6fp4-p57w OS Command Injection in praisonai (GHSA-p75f-6fp4-p57w)
OS command injection in praisonai (GHSA-p75f-6fp4-p57w). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/mcp/connect`. Mitigation: upgrade to `4.6.59` or later.
GHSA-x92v-rpx6-p6cw Vulnerability in praisonai (GHSA-x92v-rpx6-p6cw)
vulnerability in praisonai (GHSA-x92v-rpx6-p6cw). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.6.59` or later.
GHSA-rh39-9c67-59mh Vulnerability in praisonai-platform (GHSA-rh39-9c67-59mh)
vulnerability in praisonai-platform (GHSA-rh39-9c67-59mh). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /api/v1/workspaces/{workspace_id}/projects/{project_id}`. Mitigation: upgrade to `0.1.6` or later.
GHSA-892r-p3jq-jp24 Information Disclosure in praisonai (GHSA-892r-p3jq-jp24)
vulnerability in praisonai (GHSA-892r-p3jq-jp24). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/agents`. Mitigation: upgrade to `4.6.59` or later.
GHSA-x8cv-xmq7-p8xp Vulnerability in praisonaiagents (GHSA-x8cv-xmq7-p8xp)
vulnerability in praisonaiagents (GHSA-x8cv-xmq7-p8xp). Risk of unauthorized operations or information disclosure. Exploitable via `GET /{path}/list`. Mitigation: upgrade to `1.6.59` or later.
GHSA-rjvw-7vvw-549v Vulnerability in praisonai (GHSA-rjvw-7vvw-549v)
vulnerability in praisonai (GHSA-rjvw-7vvw-549v). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/runs`. Mitigation: upgrade to `4.6.59` or later.
GHSA-fq2m-6wqh-x44g Code Injection in praisonai (GHSA-fq2m-6wqh-x44g)
code injection in praisonai (GHSA-fq2m-6wqh-x44g). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/runs`. Mitigation: upgrade to `4.6.59` or later.
GHSA-2rcg-mm5h-xchx Path Traversal in praisonaiagents (GHSA-2rcg-mm5h-xchx)
path traversal in praisonaiagents (GHSA-2rcg-mm5h-xchx). Risk of unauthorized operations or information disclosure. Exploitable via ``workspace_path``. Mitigation: upgrade to `1.6.59` or later.
GHSA-j4hj-7hfh-g2f4 Vulnerability in praisonai (GHSA-j4hj-7hfh-g2f4)
vulnerability in praisonai (GHSA-j4hj-7hfh-g2f4). Risk of unauthorized operations or information disclosure. Exploitable via `X-API-Key header`. Mitigation: upgrade to `4.6.59` or later.
GHSA-vxgj-xg5c-p4h7 SSRF (Server-Side Request Forgery) in praisonaiagents (GHSA-vxgj-xg5c-p4h7)
SSRF in praisonaiagents (GHSA-vxgj-xg5c-p4h7). Risk of unauthorized operations or information disclosure. Exploitable via ``SpiderTools._validate_url``. Mitigation: upgrade to `1.6.59` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →