
MervinPraison — Vulnerabilities & Security Advisories (54)

Browse all 54 CVE security advisories affecting MervinPraison. AI-powered Chinese analysis, POCs, and references for each vulnerability.

mervinpraison is primarily associated with open-source automation and scripting tools, often utilized for system administration and data processing tasks. Security audits have identified forty-five Common Vulnerabilities and Exposures (CVEs) linked to this entity, predominantly stemming from legacy codebases and insufficient input validation. The most frequently observed vulnerability classes include Remote Code Execution (RCE) and Cross-Site Scripting (XSS), which arise from improper sanitization of user-supplied data. Additionally, several instances of insecure direct object references and privilege escalation flaws have been documented, reflecting gaps in access control mechanisms. These issues typically affect older versions of the software suite, with patches available for recent releases. The profile indicates a pattern of reactive security maintenance rather than proactive secure development, necessitating careful version management for users relying on these tools in production environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40113 | PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars | PraisonAI | CWE-88 | 8.4 | High | 2026-04-09 |
| CVE-2026-40112 | PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency) | PraisonAI | CWE-79 | 5.4 | Medium | 2026-04-09 |
| CVE-2026-40111 | PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py) | PraisonAIAgents | CWE-78 | 7.8 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-40088 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai | PraisonAI | CWE-78 | 9.7 | Critical | 2026-04-09 |
| CVE-2026-39891 | PraisonAI has a Template Injection in Agent Tool Definitions | PraisonAI | CWE-94 | 8.8 | High | 2026-04-08 |
| CVE-2026-39890 | PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading | PraisonAI | CWE-502 | 9.8 | Critical | 2026-04-08 |
| CVE-2026-39889 | PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server | PraisonAI | CWE-200 | 7.5 | High | 2026-04-08 |
| CVE-2026-39888 | PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode) | praisonaiagents | CWE-657 | 10.0 | Critical | 2026-04-08 |
| CVE-2026-39307 | PraisonAI has an Arbitrary File Write (Zip Slip) in Templates Extraction | PraisonAI | CWE-22 | 8.1 | High | 2026-04-07 |
| CVE-2026-39308 | PraisonAI recipe registry publish path traversal allows out-of-root file write | PraisonAI | CWE-22 | 7.1 | High | 2026-04-07 |
| CVE-2026-39306 | PraisonAI recipe registry pull path traversal writes files outside the chosen output directory | PraisonAI | CWE-22 | 7.3 | High | 2026-04-07 |
| CVE-2026-39305 | Arbitrary File Write / Path Traversal in Action Orchestrator | PraisonAI | CWE-22 | 9.0 | Critical | 2026-04-07 |
| CVE-2026-35615 | PraisonAI has a Path Traversal in FileTools | PraisonAI | CWE-22 | 8.1 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-34955 | PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox | PraisonAI | CWE-78 | 8.8 | High | 2026-04-03 |
| CVE-2026-34954 | PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL | PraisonAI | CWE-918 | 8.6 | High | 2026-04-03 |
| CVE-2026-34953 | PraisonAI: Authentication Bypass in OAuthManager.validate_token() | PraisonAI | CWE-863 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-34952 | PraisonAI: Missing Authentication in WebSocket Gateway | PraisonAI | CWE-306 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-34939 | PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools() | PraisonAI | CWE-1333 | 6.5 | Medium | 2026-04-03 |
| CVE-2026-34938 | PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code | PraisonAI | CWE-693 | 10.0 | Critical | 2026-04-03 |
| CVE-2026-34937 | PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution | PraisonAI | CWE-78 | 7.8 | High | 2026-04-03 |
| CVE-2026-34936 | PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback | PraisonAI | CWE-918 | 7.7 | High | 2026-04-03 |
| CVE-2026-34934 | PraisonAI: Second-Order SQL Injection in `get_all_user_threads` | PraisonAI | CWE-89 | 9.8 | Critical | 2026-04-03 |
| CVE-2026-34935 | PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command() | PraisonAI | CWE-78 | 9.8 | Critical | 2026-04-03 |
| CVE-2025-12019 | Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting | Featured Image | CWE-79 | 4.4 | Medium | 2025-11-11 |

This page lists every published CVE security advisory associated with MervinPraison. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.