pkg:PyPI/praisonaiagents

19 total CVEsCRITICAL6HIGH7MEDIUM4

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2026-34938PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
    from 0, < 1.5.90
  • CRITICAL9.9CVE-2026-47392PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
    from 0, < 1.6.40
  • CRITICAL9.9CVE-2026-39888PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)
    from 0, < 1.5.115
  • CRITICAL9.8CVE-2026-44335PraisonAI has an SSRF bypass
    from 0, < 1.6.32
  • CRITICAL9.8CVE-2026-40288PraisonAI has critical RCE via `type: job` workflow YAML
    from 0, < 1.5.140
  • CRITICAL9.1CVE-2026-40289PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
    from 0, < 1.5.140
  • HIGH8.6CVE-2026-44339PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
    from 0, < 1.6.37
  • HIGH8.6CVE-2026-34954PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL
    from 0, < 1.5.95
  • HIGH8.4CVE-2026-40287PraisonAI Vulnerable to RCE via Automatic tools.py Import
    from 0, < 1.5.140
  • HIGH8.1CVE-2026-41496PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
    from 0, < 1.6.8
  • HIGH7.8CVE-2026-34937PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
    from 0, < 1.5.90
  • HIGH7.7CVE-2026-40150PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
    from 0, < 1.5.128
  • HIGH7.4CVE-2026-40153PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
    from 0, < 1.5.128
  • MEDIUM6.2CVE-2026-40117PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate
    from 0, < 1.5.128
  • MEDIUM5.5CVE-2026-47395PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
    from 0, < 1.6.40
  • MEDIUM5.5CVE-2026-47390PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
    from 0, < 1.6.40
  • MEDIUM5.3CVE-2026-40152PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary
    from 0, < 1.5.128
  • CVE-2026-40160PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback
    >= 0.13.23, < 1.5.128
  • CVE-2026-40111PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
    from 0, < 1.5.128