AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordF
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack
FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service reli
A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-doma
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialize
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user
A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. T
A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, allowing an attacker to in
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patc
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations
A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.p
FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain secu
FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin s
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network prot
In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to uplo
FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() on
A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in th