Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

11 advisories

Loading
PraisonAI Vulnerable to OS Command Injection Critical
CVE-2026-40088 was published for PraisonAI (pip) Apr 8, 2026
l3tchupkt Credited to l3tchupkt
PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure High
CVE-2026-40158 was published for PraisonAI (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
PraisonAI Vulnerable Untrusted Remote Template Code Execution Critical
CVE-2026-40154 was published for PraisonAI (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading High
CVE-2026-40156 was published for praisonai (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution Moderate
CVE-2026-40159 was published for PraisonAI (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
PraisonAI Vulnerable to RCE via Automatic tools.py Import High
CVE-2026-40287 was published for PraisonAI (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
PraisonAI has critical RCE via `type: job` workflow YAML Critical
CVE-2026-40288 was published for PraisonAI (pip) Apr 10, 2026
l3tchupkt Credited to l3tchupkt
compliance-trestle - jinja has an Arbitrary File Write via Path Traversal High
CVE-2026-46345 was published for compliance-trestle (pip) May 28, 2026
l3tchupkt Credited to l3tchupkt
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem Moderate
CVE-2026-46380 was published for compliance-trestle (pip) May 28, 2026
yantongggg Credited to yantongggg and l3tchupkt l3tchupkt l3tchupkt
compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI) High
CVE-2026-46439 was published for compliance-trestle (pip) May 28, 2026
l3tchupkt Credited to l3tchupkt
PyLoad Vulnerable to Path Traversal via Package Folder Name Moderate
CVE-2026-42314 was published for pyload-ng (pip) May 5, 2026
l3tchupkt Credited to l3tchupkt
ProTip! Advisories are also available from the GraphQL API