16 matches found
CVE-2026-6582
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function getvectordbdetails of the file superagi/controllers/vectordbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...
EUVD-2024-19201
Malicious code in bioql PyPI...
EUVD-2025-6850
Malicious code in bioql PyPI...
EUVD-2025-6842
Malicious code in bioql PyPI...
CVE-2023-48055
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...
CVE-2024-12048
An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper authorization...
CVE-2024-9439
SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise...
CVE-2024-9437
SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each...
CVE-2024-9437
CVE-2024-9437 affects SuperAGI version v0.0.14. The issue is an unauthenticated Denial of Service caused by how the server handles multipart boundary characters in resource upload requests: appending characters (e.g., “-”) to the boundary makes the server process each character, leading to unboun...
CVE-2024-9439
CVE-2024-9439 affects SuperAGI. The vulnerability stems from the agent template update API feeding unsanitized parameters to eval, enabling remote code execution and potentially full system compromise. Public details do not specify affected versions or a fix; no explicit exploit status is provide...
CVE-2024-9439 Remote Code Execution in transformeroptimus/superagi
SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise...
CVE-2024-9439 Remote Code Execution in transformeroptimus/superagi
SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise...
PT-2025-12284 · Superagi · Superagi
Name of the Vulnerable Software and Affected Versions: SuperAGI (affected versions not specified). Description: SuperAGI is vulnerable to remote code execution. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any...
PT-2025-12283 · Superagi · Superagi
Name of the Vulnerable Software and Affected Versions: SuperAGI version v0.0.14. Description: SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end...
CVE-2023-48055
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...
CVE-2023-48055
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications...