Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44340 |
|
Path Traversal in PraisonAI (CVE-2026-44340)
path traversal in PraisonAI (CVE-2026-44340). Data can be tampered with by attackers. Exploitable via ``_safe_extractall``. Mitigation: upgrade to `4.6.37` or later.
|
| CVE-2026-44334 |
|
Code Injection in praisonai (CVE-2026-44334)
code injection in praisonai (CVE-2026-44334). Successful exploitation can lead to full system takeover. Exploitable via `POST /v1/recipes/run`. Mitigation: upgrade to `4.5.139` or later.
|
| CVE-2026-44335 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)
SSRF in ssrf (CVE-2026-44335). Successful exploitation can lead to full system takeover. Exploitable via ``requests``. Mitigation: upgrade to `>= 1.6.32` or later.
|
| CVE-2026-44336 |
|
Vulnerability in praison (CVE-2026-44336)
vulnerability in praison (CVE-2026-44336). Successful exploitation can lead to full system takeover. Exploitable via ``praisonai.rules.create``.
|
| CVE-2026-44337 |
|
Vulnerability in PraisonAI (CVE-2026-44337)
vulnerability in PraisonAI (CVE-2026-44337). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `4.6.34` or later.
|
| CVE-2026-44338 |
|
Vulnerability in PraisonAI (CVE-2026-44338)
vulnerability in PraisonAI (CVE-2026-44338). Risk of unauthorized operations or information disclosure. Exploitable via `POST /chat`. Mitigation: upgrade to `4.6.34` or later.
|
| CVE-2026-44339 |
|
Vulnerability in praisonaiagents (CVE-2026-44339)
vulnerability in praisonaiagents (CVE-2026-44339). Data can be tampered with by attackers. Exploitable via ``praisonaiagents``. Mitigation: upgrade to `1.6.37` or later.
|
| CVE-2026-41496 |
|
SQL Injection in praisonai (CVE-2026-41496)
SQL injection in praisonai (CVE-2026-41496). Confidential information can be exposed externally. Exploitable via ``SQLiteConversationStore``. Mitigation: upgrade to `4.5.149` or later.
|
| CVE-2026-41497 |
|
Command Injection in praison (CVE-2026-41497)
command injection in praison (CVE-2026-41497). Successful exploitation can lead to full system takeover. Exploitable via ``bash``. Mitigation: upgrade to `>= 4.6.9` or later.
|