
MervinPraison — Vulnerabilities & Security Advisories (54)

Browse all 54 CVE security advisories affecting MervinPraison. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MervinPraison is primarily associated with open-source automation and scripting tools, often used for system administration and data-processing tasks. Security audits have identified forty-five Common Vulnerabilities and Exposures (CVEs) linked to this entity, predominantly stemming from legacy code and insufficient input validation. The most frequently observed vulnerability classes are Remote Code Execution (RCE) and Cross-Site Scripting (XSS), both arising from improper sanitization of user-supplied data. Several insecure direct object references and privilege-escalation flaws have also been documented, reflecting gaps in access-control enforcement. These issues typically affect older versions of the software suite, and patches are available in recent releases. The profile indicates reactive security maintenance rather than proactive secure development, so users relying on these tools in production should track versions carefully and upgrade promptly.

CVE ID | Title | Product | CWE | CVSS | Severity | Published
--- | --- | --- | --- | --- | --- | ---
CVE-2026-44340 | PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` | PraisonAI | CWE-22 | 7.1 (AI) | High (AI) | 2026-05-08
CVE-2026-44339 | PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute | PraisonAI | CWE-470 | 8.6 | High | 2026-05-08
CVE-2026-44338 | PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution | PraisonAI | CWE-306 | 7.3 | High | 2026-05-08
CVE-2026-44337 | PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries | PraisonAI | CWE-20 | 6.3 | Medium | 2026-05-08
CVE-2026-44336 | PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection | PraisonAI | CWE-20 | 5.4 (AI) | Medium (AI) | 2026-05-08
CVE-2026-44335 | SSRF bypass in PraisonAI | PraisonAI | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-05-08
CVE-2026-44334 | PraisonAI: Unauthenticated RCE via `tool_override.py` | PraisonAI | CWE-94 | 8.4 | High | 2026-05-08
CVE-2026-41497 | Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI | PraisonAI | CWE-78 | 9.8 | Critical | 2026-05-08
CVE-2026-41496 | PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) | PraisonAI | CWE-89 | 8.1 | High | 2026-05-08
CVE-2026-40313 | PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence | PraisonAI | CWE-829 | 9.1 | Critical | 2026-04-14
CVE-2026-40289 | PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions | PraisonAI | CWE-306 | 9.1 | Critical | 2026-04-14
CVE-2026-40288 | PraisonAI: Critical RCE via `type: job` workflow YAML | PraisonAI | CWE-78 | 9.8 | Critical | 2026-04-14
CVE-2026-40287 | PraisonAI has RCE via Automatic tools.py Import | PraisonAI | CWE-94 | 8.4 | High | 2026-04-14
CVE-2026-40315 | PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries | PraisonAI | CWE-89 | 8.1 | - | 2026-04-14
CVE-2026-40159 | PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution | PraisonAI | CWE-200 | 5.5 | Medium | 2026-04-10
CVE-2026-40158 | PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai | PraisonAI | CWE-94 | 8.6 | High | 2026-04-10
CVE-2026-40157 | PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack` | PraisonAI | CWE-22 | 8.1 | - | 2026-04-10
CVE-2026-40156 | PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading | PraisonAI | CWE-94 | 7.8 | High | 2026-04-10
CVE-2026-40154 | PraisonAI Affected by Untrusted Remote Template Code Execution | PraisonAI | CWE-829 | 9.3 | Critical | 2026-04-09
CVE-2026-40151 | PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS | PraisonAI | CWE-200 | 5.3 | Medium | 2026-04-09
CVE-2026-40149 | PraisonAI has an Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls | PraisonAI | CWE-396 | 7.9 | High | 2026-04-09
CVE-2026-40148 | PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits | PraisonAI | CWE-409 | 6.5 | Medium | 2026-04-09
CVE-2026-40116 | PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits | PraisonAI | CWE-770 | 7.5 | High | 2026-04-09
CVE-2026-40115 | PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS | PraisonAI | CWE-770 | 6.2 | Medium | 2026-04-09
CVE-2026-40114 | PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API | PraisonAI | CWE-918 | 7.2 | High | 2026-04-09
CVE-2026-40113 | PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars | PraisonAI | CWE-88 | 8.4 | High | 2026-04-09
CVE-2026-40112 | PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency) | PraisonAI | CWE-79 | 5.4 | Medium | 2026-04-09
CVE-2026-40088 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai | PraisonAI | CWE-78 | 9.7 | Critical | 2026-04-09
CVE-2026-39891 | PraisonAI has a Template Injection in Agent Tool Definitions | PraisonAI | CWE-94 | 8.8 | High | 2026-04-08
CVE-2026-39890 | PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading | PraisonAI | CWE-502 | 9.8 | Critical | 2026-04-08

(AI): the page displays an AI badge next to this value; "-" means no severity is shown for the entry.

This page lists every published CVE security advisory associated with MervinPraison. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.