19 matches found
EUVD-2025-6877
Malicious code in bioql PyPI...
EUVD-2025-6881
Malicious code in bioql PyPI...
EUVD-2025-0213
Malicious code in bioql PyPI...
CVE-2024-53526
composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...
CVE-2024-8952
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
CVE-2024-8954
In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...
GHSA-38MG-WM59-G64X composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...
Composio Eval Injection Vulnerability
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
composio allows Server-Side Request Forgery (SSRF) in BROWSERTOOL
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...
CVE-2024-8952
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
CVE-2024-8952 SSRF in composiohq/composio
A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
CVE-2024-8954 Authentication Bypass in composiohq/composio
In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...
GHSA-8H93-28HG-FJ84 Composio Command Execution vulnerability
composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...
CVE-2024-53526
composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...
Composio 安全漏洞
Composio is a production-ready toolset for AI agents open-sourced by Composio. Composio has a security vulnerability that stems from the ease of executing commands in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...
CVE-2024-53526
CVE-2024-53526 affects the Composio suite: versions 0.5.40 and later are vulnerable to arbitrary command execution via the handle_tool_calls function in the modules composio_openai, composio_claude, and composio_julep. The root cause is improper input sanitization enabling command injection. Impa...
CVE-2024-53526
composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...
Composio Path Traversal Vulnerability
Composio is a production-ready toolset for AI agents open-sourced by Composio. A path traversal vulnerability exists in Composio version 0.5.8 and prior versions, which stems from the fact that incorrect manipulation of the parameter file can lead to path traversal. No details of the vulnerabilit...
Composio 代码注入漏洞
Composio is a production-ready toolset for AI agents open-sourced by Composio. A code injection vulnerability exists in Composio version 0.5.6 and earlier. An attacker can inject arbitrary code by exploiting this vulnerability...