autoxx (>=0.0.11 <=0.0.13), vuln-demo-math-ops (=1.0.0) potentially affected by CVE-2026-24780 via agpt (=0.2.2)

agpt PYPI version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on agpt and may be impacted: - autoxx =0.0.11, =0.0.13 - vuln-demo-math-ops =1.0.0 Source cves: CVE-2026-24780 Source advisory: OSV:GHSA-R277-3XC5-C79V...

autoxx (>=0.0.11 <=0.0.13), vuln-demo-math-ops (=1.0.0) potentially affected by CVE-2025-31494 via agpt (=0.2.2)

agpt PYPI version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on agpt and may be impacted: - autoxx =0.0.11, =0.0.13 - vuln-demo-math-ops =1.0.0 Source cves: CVE-2025-31494 Source advisory: SNYK:PYTHON-AGPT-9802206...

autoxx (>=0.0.11 <=0.0.13), vuln-demo-math-ops (=1.0.0) potentially affected by CVE-2025-31491 via agpt (=0.2.2)

agpt PYPI version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on agpt and may be impacted: - autoxx =0.0.11, =0.0.13 - vuln-demo-math-ops =1.0.0 Source cves: CVE-2025-31491 Source advisory: SNYK:PYTHON-AGPT-9802316...

autoxx (>=0.0.11 <=0.0.13), vuln-demo-math-ops (=1.0.0) potentially affected by CVE-2025-31490 via agpt (=0.2.2)

agpt PYPI version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on agpt and may be impacted: - autoxx =0.0.11, =0.0.13 - vuln-demo-math-ops =1.0.0 Source cves: CVE-2025-31490 Source advisory: SNYK:PYTHON-AGPT-9802320...

Server-side Request Forgery (SSRF)

Overview agpt is an An open-source attempt to make GPT-4 autonomous Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the requests wrapper. An attacker can manipulate the request process to access unauthorized data or interact with internal services by...

autoxx (>=0.0.11 <=0.0.13), vuln-demo-math-ops (=1.0.0) potentially affected by CVE-2024-6091 via agpt (=0.2.2)

agpt PYPI version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on agpt and may be impacted: - autoxx =0.0.11, =0.0.13 - vuln-demo-math-ops =1.0.0 Source cves: CVE-2024-6091 Source advisory: OSV:GHSA-G84Q-54HF-36RG...

Information Disclosure

agpt is vulnerable to Information Disclosure. The vulnerability exists because it does not properly restrict writing to the docker-compose.yml, which allows an attacker to inject malicious custom Python code into the system the next time the docker container is run by overwriting the compose file...

Arbitrary Code Execution

agpt is vulnerable to Arbitrary Code Execution. The vulnerability exists in executecode.py due to using a dedicated Docker container which Auto-GPT uses on the host system through run.sh or run.bat files while sandboxing customized Python code. It is possible to take advantage of this to execute...