Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

SuperAGI

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2025-6280
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 27.29%
||
7 Day CHG~0.00%
Published-19 Jun, 2025 | 21:27
Updated-09 Jul, 2025 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TransformerOptimus SuperAGI EmailToolKit read_email.py download_attachment path traversal

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-superagiTransformerOptimus
Product-superagiSuperAGI
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-21552
Assigner-Snyk
ShareView Details
Assigner-Snyk
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.30%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 14:18
Updated-01 Aug, 2024 | 22:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server.

Action-Not Available
Vendor-n/asuperagi
Product-SuperAGIsuperagi
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')