Package impact
PyPI / praisonaiagents
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44335 | critical | 9.8 | 9.8 | | | | 22d ago | PraisonAI has an SSRF bypass |
| CVE-2026-44339 | high | 8.6 | 8.6 | | | | 22d ago | PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute |
| CVE-2026-41496 | high | 8.1 | 8.1 | | | | 22d ago | PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) |
| CVE-2026-47392 | unknown | — | — | | | | 23h ago | PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode) |
| CVE-2026-47395 | unknown | — | — | | | | 23h ago | PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context |
| CVE-2026-47390 | unknown | — | — | | | | 23h ago | PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings |