VYPR

Metagpt

by Deepwisdom

pypi: metagpt

Source repositories

CVEs (14)

  • CVE-2026-5971HigApr 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in…

  • CVE-2026-5972HigApr 9, 2026
    risk 0.41cvss 7.3epss 0.02

    A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to os command injection. Remote exploitation of the attack is possible. The exploit…

  • CVE-2026-4516MedMar 21, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write_analysis_code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack…

  • CVE-2026-4515MedMar 21, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2026-6110HigApr 12, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack…

  • CVE-2026-5974HigApr 9, 2026
    risk 0.40cvss 7.3epss 0.02

    A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command injection. The attack is possible to be carried out remotely. The project was…

  • CVE-2026-5973HigApr 9, 2026
    risk 0.40cvss 7.3epss 0.02

    A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be…

  • CVE-2026-5970HigApr 9, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public…

  • CVE-2026-10566MedJun 2, 2026
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.check_instruct_content of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local…

  • CVE-2026-6111MedApr 12, 2026
    risk 0.34cvss 6.3epss 0.00

    A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack…

  • CVE-2026-11455MedJun 7, 2026
    risk 0.33cvss 5.0epss 0.01

    A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py. This manipulation of the argument mermaid.path causes command injection. The attack may be initiated remotely. A…

  • CVE-2026-6109MedApr 12, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request…

  • CVE-2026-0761Jan 23, 2026
    risk 0.00cvss epss 0.01

    Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this…

  • CVE-2026-0760Jan 23, 2026
    risk 0.00cvss epss 0.01

    Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to…