Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-2763-cj5r-c79m
  • PyPI/praisonai
 PraisonAI Vulnerable to OS Command Injection 4 hours ago
  • Fix available
  • Severity - 9.6 (Critical)
GHSA-926x-3r5x-gfhw
  • PyPI/langchain-core
 LangChain has incomplete f-string validation in prompt templates 4 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-2679-6mx9-h9xc
  • PyPI/marimo
 Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass 4 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
MAL-2026-2517
  • PyPI/kraken-trader
 Malicious code in kraken-trader (PyPI) 5 hours ago
  • No fix available
GHSA-5gfj-64gh-mgmw
  • PyPI/agixt
 AGiXT Vulnerable to Path Traversal in safe_join() 6 hours ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-p423-j2cm-9vmq
  • PyPI/cryptography
 Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs 6 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-766v-q9x3-g744
  • PyPI/praisonaiagents
 PraisonAI has Memory State Leakage and Path Traversal in MultiAgent Context Handling 6 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-hwg5-x759-7wjg
  • PyPI/praisonai
 PraisonAI has Template Injection in Agent Tool Definitions 6 hours ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-f292-66h9-fpmf
  • PyPI/praisonai
 PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server 6 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-qf73-2hrx-xprp
  • PyPI/praisonaiagents
 PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode) 6 hours ago
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-32vr-5gcf-3pw2
  • PyPI/praisonai
 PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading 6 hours ago
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-jpcj-7wfg-mqxv
  • PyPI/stata-mcp
 stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution 7 hours ago
  • Fix available
  • Severity - 8.7 (High)
MAL-2026-2516
  • PyPI/sentinel-tool
 Malicious code in sentinel-tool (PyPI) 9 hours ago
  • No fix available
GHSA-wr8q-c73g-m7gp
  • PyPI/pretix
 pretix: API leaks check-in data between events of the same organizer 10 hours ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-p8xc-w3q4-h64x
  • PyPI/openexr
 OpenEXR: DWA Lossy Decoder Heap Out-of-Bounds Write 10 hours ago
  • Fix available
  • Severity - 8.4 (High)
GHSA-588r-cr5c-w6hf
  • PyPI/openexr
 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write 10 hours ago
  • Fix available
  • Severity - 8.6 (High)
Load more...