Superagi
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6280 | Med | 0.36 | 5.5 | 0.01 | Jun 19, 2025 | A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename… | ||
| CVE-2026-6583 | Med | 0.35 | 5.4 | 0.00 | Apr 19, 2026 | A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack… | ||
| CVE-2024-9437 | 0.00 | — | 0.01 | Mar 20, 2025 | SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to… | |||
| CVE-2024-9439 | 0.00 | — | 0.01 | Mar 20, 2025 | SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system… | |||
| CVE-2024-9447 | 0.00 | — | 0.01 | Mar 20, 2025 | An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any… | |||
| CVE-2024-10267 | 0.00 | — | 0.01 | Mar 20, 2025 | An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server… | |||
| CVE-2024-9415 | 0.00 | — | 0.01 | Mar 20, 2025 | A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the… | |||
| CVE-2023-48055 | 0.00 | — | 0.00 | Nov 16, 2023 | SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. |
- risk 0.36cvss 5.5epss 0.01
A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename…
- risk 0.35cvss 5.4epss 0.00
A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack…
- CVE-2024-9437Mar 20, 2025risk 0.00cvss —epss 0.01
SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to…
- CVE-2024-9439Mar 20, 2025risk 0.00cvss —epss 0.01
SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system…
- CVE-2024-9447Mar 20, 2025risk 0.00cvss —epss 0.01
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisation/` endpoint does not verify the user's organization, allowing any authenticated user to retrieve sensitive configuration details, including API keys, of any…
- CVE-2024-10267Mar 20, 2025risk 0.00cvss —epss 0.01
An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. An attacker can leak sensitive user information, including names, emails, and passwords, by attempting to register a new account with an email that is already in use. The server…
- CVE-2024-9415Mar 20, 2025risk 0.00cvss —epss 0.01
A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. This vulnerability allows an attacker to upload an arbitrary file to the server, potentially leading to remote code execution or overwriting any file on the…
- CVE-2023-48055Nov 16, 2023risk 0.00cvss —epss 0.00
SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications.