Security: MervinPraison/PraisonAI
No security policy detected
This project has not set up a SECURITY.md file yet.
- SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
  GHSA-rg3h-x3jw-7jm5, published Apr 16, 2026 by MervinPraison. Severity: High
- Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI
  GHSA-9qhq-v63v-fv3j, published Apr 16, 2026 by MervinPraison. Severity: Moderate
- [Security Report] ArtiPACKED Vulnerability – GitHub Actions Credential Persistence (`artipacked`)
  GHSA-3959-6v5q-45q2, published Apr 10, 2026 by MervinPraison. Severity: Critical
- RCE via Automatic tools.py Import
  GHSA-g985-wjh9-qxxc, published Apr 10, 2026 by MervinPraison. Severity: High
- Critical RCE via `type: job` workflow YAML
  GHSA-vc46-vw85-3wvm, published Apr 10, 2026 by MervinPraison. Severity: Critical
- PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
  GHSA-8x8f-54wf-vv92, published Apr 10, 2026 by MervinPraison. Severity: Critical
- SQLiteConversationStore didn't validate table_prefix when constructing SQL queries
  GHSA-x783-xp3g-mqhp, published Apr 9, 2026 by MervinPraison. Severity: High
- OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
  GHSA-v7px-3835-7gjx, published Apr 9, 2026 by MervinPraison. Severity: Critical
- Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
  GHSA-fvxx-ggmx-3cjg, published Apr 9, 2026 by MervinPraison. Severity: High
- Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)
  GHSA-cfg2-mxfj-j6pw, published Apr 9, 2026 by MervinPraison. Severity: Moderate
Learn more about advisories related to MervinPraison/PraisonAI in the GitHub Advisory Database