Security: MervinPraison/PraisonAI
No security policy detected
This project has not set up a SECURITY.md file yet.
- PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
  GHSA-8444-4fhq-fxpq, published May 19, 2026 by MervinPraison. Severity: Critical
- Cross-Workspace IDOR and Privilege Escalation in Platform API
  GHSA-gv23-xrm3-8c62, published May 19, 2026 by MervinPraison. Severity: High
- Arbitrary File Write in Python API
  GHSA-hvhp-v2gc-268q, published May 19, 2026 by MervinPraison. Severity: High
- PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
  GHSA-6h6v-6m7w-7vxx, published May 19, 2026 by MervinPraison. Severity: High
- PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
  GHSA-86qc-r5v2-v6x6, published May 19, 2026 by MervinPraison. Severity: Critical
- PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings
  GHSA-5c6w-wwfq-7qqm, published May 19, 2026 by MervinPraison. Severity: Moderate
- PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context
  GHSA-5cxw-77wg-jrf3, published May 19, 2026 by MervinPraison. Severity: Moderate
- PraisonAI Platform missing role checks let any workspace member become owner and take over workspace membership
  GHSA-h37g-4h4p-9x97, published May 19, 2026 by MervinPraison. Severity: High
- Unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
  GHSA-vg22-4gmj-prxw, published May 19, 2026 by MervinPraison. Severity: Critical
- Cross-workspace IDOR + member-role privilege escalation in PraisonAI Platform
  GHSA-h8q5-cp56-rr65, published May 19, 2026 by MervinPraison. Severity: Critical