Browse all 7 CVE security advisories affecting composiohq. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Composiohq provides an integration platform connecting AI agents with enterprise applications through its SDK and API framework. Historically, the platform has been associated with multiple critical vulnerabilities, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, primarily stemming from improper input validation and insecure API endpoints. While no major public security incidents have been documented, the seven disclosed CVEs highlight consistent weaknesses in access controls and parameter handling. The platform's extensive third-party integrations increase its attack surface, making input sanitization and authentication mechanisms critical areas requiring ongoing security hardening.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-8958 | Unrestricted File Write and Read in composiohq/composio | composiohq/composio | CWE-434 | 9.8 | - | 2025-03-20 |
| CVE-2024-8952 | SSRF in composiohq/composio | composiohq/composio | CWE-918 | 9.1 | - | 2025-03-20 |
| CVE-2024-8953 | Unsafe eval usage in composiohq/composio | composiohq/composio | CWE-627 | 9.8 | - | 2025-03-20 |
| CVE-2024-8954 | Authentication Bypass in composiohq/composio | composiohq/composio | CWE-304 | 9.8 | - | 2025-03-20 |
| CVE-2024-8955 | SSRF in composiohq/composio | composiohq/composio | CWE-918 | 7.5 | - | 2025-03-20 |
| CVE-2024-8865 | composiohq composio api.py path path traversal | composio | CWE-22 | 3.5 | Low | 2024-09-15 |
| CVE-2024-8864 | composiohq composio calculator.py Calculator code injection | composio | CWE-94 | 5.5 | Medium | 2024-09-15 |
This page lists every published CVE security advisory associated with composiohq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.