CVE-2026-40112 PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...

Perl CryptX 安全漏洞

Perl CryptX is a versatile and powerful, high-performance cryptographic toolkit for Perl open source. A security vulnerability exists in Perl CryptX versions prior to 0.065, which stems from a dependency library that may be vulnerable to a malformed unicode attack...

SVG Formatter - Critical - Cross Site Scripting - SA-CONTRIB-2022-028

SVG Formatter module provides support for using SVG images on your website. Our dependency library enshrined/svg-sanitize has a cross-site scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with permission that enables them to upload SVG images...

编号撤回

libsolv is a library for checking package dependencies. libsolv has a security vulnerability, and no details of the vulnerability are currently provided...