Security: MervinPraison/PraisonAI
No security policy detected
This project has not set up a SECURITY.md file yet.
- praisonai-platform: Any workspace member can promote themselves (or any other member) to owner via PATCH /workspaces/{id}/members/{user_id}
  GHSA-c2m8-4gcg-v22g, published May 19, 2026 by MervinPraison. Severity: Critical
- praisonai-platform: Label endpoints accept any label_id and any issue_id without workspace ownership check, cross-workspace label edit/delete and issue-label-link IDOR
  GHSA-5jx9-w35f-vp65, published May 19, 2026 by MervinPraison. Severity: High
- praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR
  GHSA-cp4f-5m9r-5jc2, published May 19, 2026 by MervinPraison. Severity: High
- praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR
  GHSA-943m-6wx2-rc2j, published May 19, 2026 by MervinPraison. Severity: High
- praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR
  GHSA-xwq8-frcg-77q8, published May 19, 2026 by MervinPraison. Severity: High
- praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR
  GHSA-7p8g-6c6g-h9w7, published May 19, 2026 by MervinPraison. Severity: High
- Sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
  GHSA-4mr5-g6f9-cfrh, published May 19, 2026 by MervinPraison. Severity: Critical
- Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir`
  GHSA-9q28-ghcr-c4x3, published May 4, 2026 by MervinPraison. Severity: High
- Unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute
  GHSA-gmjg-hv98-qggq, published May 4, 2026 by MervinPraison. Severity: High
- PraisonAI MCP `tools/call` path-traversal => RCE via Python `.pth` injection
  GHSA-9mqq-jqxf-grvw, published May 3, 2026 by MervinPraison. Severity: Critical
Learn more about advisories related to MervinPraison/PraisonAI in the GitHub Advisory Database