427 matches found
EUVD-2026-21508
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic tools.py Loading...
EUVD-2026-21166
PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
GHSA-F2H6-7XFR-XM8W PraisonAI Vulnerable to Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits
Summary The safeextractall function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.extractall. An attacker can publish a malicious recipe bundl...
EUVD-2026-21212
PraisonAI Vulnerable Untrusted Remote Template Code Execution...
Unsafe Dependency Resolution
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Incorrect Authorization
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
EUVD-2026-21510
PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure...
GHSA-3C4R-6P77-XWR7 PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. Description The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...
Exposure of Sensitive Information Through Environmental Variables
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Declaration of Catch for Generic Exception
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
EUVD-2026-21170
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in webcrawl Tool...
Missing Authorization
Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Missing Authorization via the readskillfile function. An attacker can access sensitive files on the filesystem by supplying arbitrary paths ...
EUVD-2026-21160
PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS...
Allocation of Resources Without Limits or Throttling
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Allocation of Resources Without Limits or Throttling
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
EUVD-2026-21156
PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars...
GHSA-FVXX-GGMX-3CJG PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
Summary deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for...
PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
Summary deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for...
EUVD-2026-21154
PraisonAI Vulnerable to Stored XSS via Unsanitized Agent Output in HTML Rendering nh3 Not a Required Dependency...