CVE-2026-11455

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function checkcmdexists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A high degree of...

MetaGPT 命令注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the erroneous handling of the parameter mermaid.path in the function checkcmdexists found in the file...

CVE-2026-31951

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +218 more potentially affected by CVE-2025-11200 via mlflow (>=0.8.2 <=2.22.0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-11200 Source advisory: OSV:GHSA-6XJ8-RRQX-R4CV...

PT-2024-10546 · Mikexstudios · Xcomic

Name of the Vulnerable Software and Affected Versions: mikexstudios Xcomic versions up to 0.8.2 Description: A critical vulnerability has been found in mikexstudios Xcomic, affecting an unknown part of the software. The manipulation of the cmd argument leads to os command injection, allowing for...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +159 more potentially affected by CVE-2024-2928 via mlflow (>=0.8.2 <=2.11.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-2928 Source advisory: OSV:PYSEC-2024-242...

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +940 more potentially affected by CVE-2024-37059 via mlflow (>=0.8.2 <=3.4.0)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2024-37059 Source advisory: OSV:GHSA-WF7F-8FXF-XFXC...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +151 more potentially affected by CVE-2024-4263 via mlflow (>=0.8.2 <=2.10.0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-4263 Source advisory: OSV:GHSA-P4JX-Q62P-X5JR...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +345 more potentially affected by CVE-2024-1560 via mlflow (>=0.8.2 <=2.9.2)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2024-1560 Source advisory: OSV:GHSA-5MVJ-WMGJ-7Q8C...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +149 more potentially affected by CVE-2024-27132 via mlflow (>=0.8.2 <=2.0.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-27132 Source advisory: OSV:GHSA-6749-M5CP-6CG7...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6753 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6753 Source advisory: OSV:GHSA-V945-R3RC-6FJM...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +322 more potentially affected by CVE-2023-2356 via mlflow (>=0.8.2 <=2.3.0)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-2356 Source advisory: OSV:GHSA-X422-6QHV-P29G...

discourse-sso-oidc-bridge-consideratio (>=0.2.0 <=0.2.1), flask-pyoidc (>=3.1.0 <=3.6.0) +3 more potentially affected by CVE-2020-26244 via oic (>=0.8.2 <=1.1.2)

oic PYPI version =0.8.2, =0.2.0, =3.1.0, =0.0.9, =2.0.0, =0.6.1, =3.4.8 Source cves: CVE-2020-26244 Source advisory: OSV:PYSEC-2020-69...