Autogpt Security Vulnerabilities and Issues — Autogpt CVE List

Lucene search

AgptAutogpt

9 matches found

CVE•added 2024/06/06 6:15 p.m.•68 views

CVE-2024-1879

A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a us...

8.8CVSS8.9AI score0.00388EPSS

CVE•added 2024/06/06 7:15 p.m.•62 views

CVE-2024-1881

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not includ...

9.8CVSS9.1AI score0.00611EPSS

CVE•added 2025/04/14 11:15 p.m.•60 views

CVE-2025-31490

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardening ...

7.5CVSS7.5AI score0.00064EPSS

CVE•added 2025/04/15 12:15 a.m.•55 views

CVE-2025-31491

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests p...

8.6CVSS8.4AI score0.00064EPSS

CVE•added 2025/03/20 10:15 a.m.•53 views

CVE-2025-1040

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to...

8.8CVSS9.1AI score0.00719EPSS

CVE•added 2024/06/06 7:15 p.m.•50 views

CVE-2024-1880

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the _speech method of the ...

7.8CVSS7.9AI score0.00174EPSS

CVE•added 2025/04/15 12:15 a.m.•48 views

CVE-2025-31494

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no che...

3.5CVSS4AI score0.00035EPSS

CVE•added 2025/03/20 10:15 a.m.•39 views

CVE-2024-8156

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version. ...

9.8CVSS8.8AI score0.00599EPSS

CVE•added 2024/09/11 1:15 p.m.•38 views

CVE-2024-6091

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing ...

9.8CVSS9.6AI score0.00381EPSS