79 matches found
composio-praisonai (>=0.3.24 <=0.7.20), praisonai (>=0.0.34 <=4.6.37) +9 more potentially affected by unknown CVE via praisonaiagents (=1.6.37)
praisonaiagents PYPI version =1.6.37 is affected by a known vulnerability. The following packages have a transitive dependency on praisonaiagents and may be impacted: - composio-praisonai =0.3.24, =0.0.34, =0.1.1, =0.1.0, =0.1.0, =0.0.2, =0.1.5, =0.0.1, =0.1.1 - praisonaibench-python =0.1.0 -...
composio-griptape (>=0.3.13 <=0.7.20), griptape-cli (=0.1.0) +4 more potentially affected by CVE-2026-5596 via griptape (>=1.10.1 <=1.8.13)
griptape PYPI version =1.10.1, =0.3.13, =0.26.4, =0.8.0, =2.0.3, =2.2.9 Source cves: CVE-2026-5596 Source advisory: SNYK:PYTHON-GRIPTAPE-15915642...
composio-griptape (>=0.5.44 <=0.5.52rc2), griptape-cli (=0.1.0) potentially affected by CVE-2026-5595 via griptape (>=1.5.0 <=1.8.13)
griptape PYPI version =1.5.0, =0.5.44, =0.5.52rc2 - griptape-cli =0.1.0 Source cves: CVE-2026-5595 Source advisory: SNYK:PYTHON-GRIPTAPE-15915635...
Directory Traversal
Overview: composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Directory Traversal via the downloadfileordir function. An attacker can access sensitive files outside the intended directory by supplying...
agentic-fleet (>=0.1.6 <=0.4.1), composio (=0.1.1) +35 more potentially affected by CVE-2025-56427 via composio-core (>=0.3.13 <=0.7.21)
composio-core PYPI version =0.3.13, =0.1.6, =0.7.1, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.7.1, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.7.15, =0.3.13, =0.7.20 and more Source cves: CVE-2025-56427 Source advisory: SNYK:PYTHON-COMPOSIOCORE-14191990...
Composio SDK Security Vulnerability
Composio SDK is a developer toolkit from Composio Open Source. A security vulnerability exists in Composio SDK version 0.7.20, which stems from the presence of path traversal in the downloadfileordir function, which could lead to the disclosure of sensitive information...
EUVD-2025-6877
Malicious code in bioql PyPI...
EUVD-2024-2729
Malicious code in bioql PyPI...
EUVD-2024-2838
Malicious code in bioql PyPI...
EUVD-2025-6884
Malicious code in bioql PyPI...
EUVD-2025-6881
Malicious code in bioql PyPI...
EUVD-2025-0213
Malicious code in bioql PyPI...
CVE-2024-8865
A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used...
CVE-2024-8864
A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been...
CVE-2024-53526
composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...
CVE-2024-8955
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...
CVE-2024-8952
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
CVE-2024-8953
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
CVE-2024-8954
In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...
Server-side Request Forgery (SSRF)
Overview: composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. An attacker with high privileges ca...