36 matches found
CVE-2026-2287 CVE-2026-2287
CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation...
CVE-2026-2287 CVE-2026-2287
CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation...
CVE-2026-2275 CVE-2026-2275
The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...
CVE-2026-2275 CVE-2026-2275
The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling...
CrewAI 安全漏洞
CrewAI is an open-source code execution and analysis tool component developed by CrewAI. CrewAI has a security vulnerability that stems from the ability to revert to SandboxPython, allowing arbitrary C function calls, which may lead to remote code execution...
PT-2026-29048
Name of the Vulnerable Software and Affected Versions CrewAI versions affected versions not specified Description The CodeInterpreter tool within CrewAI reverts to SandboxPython when Docker is unreachable. This fallback can allow for Remote Code Execution RCE through the ability to call arbitrary...
CrewAI 安全漏洞
CrewAI is an open-source code execution and analysis tool component developed by CrewAI. CrewAI has a security vulnerability, which stems from the RAG search tool failing to properly validate URLs, potentially leading to server-side request forgeing attacks...
CrewAI 安全漏洞
CrewAI is an open-source code execution and analysis tool component developed by CrewAI. CrewAI has a security vulnerability, which stems from a lack of path validation in the JSON loading mechanism, potentially allowing arbitrary local file reading...
CrewAI 安全漏洞
CrewAI is an open-source code execution and analysis tool component developed by CrewAI. CrewAI has a security vulnerability that stems from incorrect checking of Docker’s running status and reverting to a sandbox setting, which may lead to remote code execution...
gotham-recon
Documentation Complete du Systeme d'Agents CrewAI Guide t...
Many Hands Make Light Work: An LLM-Based Multi-Agent System for Detecting Malicious PyPI Packages
Malicious code in open-source repositories such as PyPI poses a growing threat to software supply chains. Traditional rule-based tools often overlook the semantic patterns in source code that are crucial for identifying adversarial components. Large language models LLMs show promise for software...
agentic-fleet (>=0.1.6 <=0.4.81), composio (=0.1.1) +37 more potentially affected by CVE-2024-8952 via composio-core (>=0.3.13 <=0.7.21)
composio-core PYPI version =0.3.13, =0.1.6, =0.7.1, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.7.1, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.7.15, =0.3.13, =0.7.20 and more Source cves: CVE-2024-8952 Source advisory: SNYK:PYTHON-COMPOSIOCORE-9637813...
composio-autogen (>=0.3.13 <=0.5.42), composio-camel (>=0.3.17 <=0.5.42) +13 more potentially affected by CVE-2024-8953 via composio-core (>=0.3.13 <=0.5.42)
composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.2.31, =0.2.40 Source cves: CVE-2024-8953 Source advisory: SNYK:PYTHON-COMPOSIOCORE-9637814...
composio-autogen (>=0.3.13 <=0.5.52rc2), composio-camel (>=0.3.17 <=0.5.52rc2) +15 more potentially affected by CVE-2024-8865 via composio-core (>=0.3.13 <=0.5.8)
composio-core PYPI version =0.3.13, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.3.13, =0.3.13, =0.3.13, =0.4.2, =0.3.24, =0.5.43 - gensphere =0.1.9 and more Source cves: CVE-2024-8865 Source advisory: OSV:GHSA-66R2-XM28-74W9...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43116 more potentially affected by CVE-2024-30251 via aiohttp (>=0.13.1 <=3.9.3)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-30251 Source advisory: OSV:GHSA-5M98-QGG9-WH84...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +43009 more potentially affected by CVE-2023-49082 via aiohttp (>=0.13.1 <=3.8.6)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-49082 Source advisory: OSV:PYSEC-2023-251...