82 matches found
CVE-2026-59807
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...
CVE-2026-59807 Composio SDK < 0.2.32-beta.283 - Sensitive File Upload via tool-file-uploads.ts
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...
CVE-2026-59807
CVE-2026-59807 affects Composio SDK prior to 0.2.32-beta.283. A path validation bypass in readFileFromDisk (tool-file-uploads.ts) can enable an attacker to read and exfiltrate sensitive files by manipulating file_uploadable parameters via prompt injection, referencing sensitive paths such as SSH ...
EUVD-2026-42377
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...
CVE-2026-59807 Composio SDK < 0.2.32-beta.283 - Sensitive File Upload via tool-file-uploads.ts
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...
PYSEC-2026-1268 Composio Command Execution vulnerability
composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...
agentic-fleet (>=0.1.6 <=0.4.81), composio (=0.1.1) +37 more potentially affected by CVE-2025-56427 via composio-core (>=0.3.13 <=0.7.21)
composio-core PYPI version =0.3.13, =0.1.6, =0.7.1, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.7.1, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.7.15, =0.3.13, =0.7.20 and more Source cves: CVE-2025-56427 Source advisory: SNYK:PYTHON-COMPOSIOCORE-14191990...
Directory Traversal
Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Directory Traversal via the downloadfileordir function. An attacker can access sensitive files outside the intended directory by supplying...
Composio SDK 安全漏洞
Composio SDK is a developer toolkit from Composio Open Source. A security vulnerability exists in Composio SDK version 0.7.20, which stems from the presence of path traversal in the downloadfileordir function, which could lead to the disclosure of sensitive information...
EUVD-2024-2838
Malicious code in bioql PyPI...
EUVD-2025-6877
Malicious code in bioql PyPI...
EUVD-2025-0213
Malicious code in bioql PyPI...
EUVD-2025-6881
Malicious code in bioql PyPI...
EUVD-2024-2729
Malicious code in bioql PyPI...
EUVD-2025-6884
Malicious code in bioql PyPI...
CVE-2024-8865
A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2024-8864
A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been...
CVE-2024-53526
composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...
CVE-2024-8955
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...
CVE-2024-8952
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...