VYPR
Vendor

TransformerOptimus

Products: 1
CVEs: 17
Across products: 17
Status: Private

Recent CVEs (17)
  • CVE-2024-21552 | Critical | Jul 22, 2024
    risk 0.64 cvss 9.8 epss 0.01

    All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server.

  • CVE-2026-6615 | High | Apr 20, 2026
    risk 0.47 cvss 7.3 epss 0.01

    A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is…

  • CVE-2026-6582 | High | Apr 19, 2026
    risk 0.47 cvss 7.3 epss 0.00

    A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing…

  • CVE-2026-6616 | Medium | Apr 20, 2026
    risk 0.41 cvss 6.3 epss 0.00

    A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpage_extractor.py of the component WebScraperTool. Such manipulation leads to…

  • CVE-2026-6614 | Medium | Apr 20, 2026
    risk 0.41 cvss 6.3 epss 0.00

    A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The…

  • CVE-2026-6613 | Medium | Apr 20, 2026
    risk 0.41 cvss 6.3 epss 0.00

    A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipulation of the argument agent_id leads to authorization bypass. The attack is…

  • CVE-2026-6612 | Medium | Apr 20, 2026
    risk 0.41 cvss 6.3 epss 0.00

    A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the…

  • CVE-2026-6586 | Medium | Apr 20, 2026
    risk 0.41 cvss 6.3 epss 0.00

    A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch…

  • CVE-2025-6280 | Medium | Jun 19, 2025
    risk 0.36 cvss 5.5 epss 0.01

    A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename…

  • CVE-2026-6585 | Medium | Apr 20, 2026
    risk 0.35 cvss 5.4 epss 0.00

    A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id…

  • CVE-2026-6584 | Medium | Apr 20, 2026
    risk 0.35 cvss 5.4 epss 0.00

    A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass.…

  • CVE-2026-6583 | Medium | Apr 19, 2026
    risk 0.35 cvss 5.4 epss 0.00

    A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack…

  • CVE-2025-51475 | Jul 22, 2025
    risk 0.00 cvss epss 0.01

    Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to overwrite arbitrary files via unsanitised filenames submitted to the file upload endpoint, due to improper handling of directory traversal in…

  • CVE-2025-51472 | Jul 22, 2025
    risk 0.00 cvss epss 0.00

    Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using…

  • CVE-2024-12048 | Mar 20, 2025
    risk 0.00 cvss epss 0.01

    An IDOR (Insecure Direct Object Reference) vulnerability exists in transformeroptimus/superagi version v0.0.14. The application fails to properly check authorization for multiple API endpoints, allowing attackers to view, edit, and delete other users' information without proper…

  • CVE-2024-9431 | Mar 20, 2025
    risk 0.00 cvss epss 0.01

    In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover.

  • CVE-2024-9418 | Mar 20, 2025
    risk 0.00 cvss epss 0.01

    In version 0.0.14 of transformeroptimus/superagi, the API endpoint `/api/users/get/{id}` returns the user's password in plaintext. This vulnerability allows an attacker to retrieve the password of another user, leading to potential account takeover.