Security: MervinPraison/PraisonAI
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Authorization Bypass Through User-Controlled Key in praisonai-platformGHSA-2fjj-qqg8-fg7x published
Jun 17, 2026 by MervinPraisonModerate -
Server-Side Request Forgery (SSRF) in SearxNG / search_web tools via attacker-controlled searxng_url parameterGHSA-4pcv-mg8v-vrgf published
Jun 17, 2026 by MervinPraisonHigh -
A2U Incomplete Authentication Fix Leaves `praisonai serve` Unauthenticated by DefaultGHSA-jxcw-qp4h-6jfq published
Jun 17, 2026 by MervinPraisonHigh -
DiscordApproval Accepts Unrelated Channel Messages as Dangerous-Tool ApprovalsGHSA-8579-rgg5-ph2m published
Jun 17, 2026 by MervinPraisonHigh -
Dynamic Context History and Terminal Tools Read Files Outside Configured Storage via Path TraversalGHSA-22cj-m4wf-fv2c published
Jun 17, 2026 by MervinPraisonHigh -
Dynamic-Context Artifact Tools Read Arbitrary Host Files Outside Artifact StorageGHSA-j7qx-p75m-wp7g published
Jun 17, 2026 by MervinPraisonHigh -
npm Package: MCPSecurity Basic/OAuth Policies Accept Invalid CredentialsGHSA-4qq2-2j2x-x62c published
Jun 17, 2026 by MervinPraisonHigh -
npm Package: safe-command Wrapper Allowlist Bypass via Shell ChainingGHSA-5jv7-2mjm-h6qj published
Jun 17, 2026 by MervinPraisonHigh -
npm Package: SandboxExecutor Network Isolation Bypass for Non-Proxy-Aware ClientsGHSA-gqmf-56h7-rrpf published
Jun 17, 2026 by MervinPraisonHigh -
npm Package: SandboxExecutor allowedCommands Bypass via Shell ChainingGHSA-vjv9-7m7j-h833 published
Jun 17, 2026 by MervinPraisonHigh
Learn more about advisories related to MervinPraison/PraisonAI in the GitHub Advisory Database