Openagentplatform Dive vulnerabilities
3 known vulnerabilities affecting openagentplatform/dive.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2025-58176 | P2 | HIGH | CVSS 8.8 | CWE-94 | affected >= 0.9.0, < 0.9.4 | 2025-09-03
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, `transport` in the JSON object. An attacker can exploit the vulnerability in the following two scenarios: a victim visits
nvd
CVE-2026-23523 | P2 | HIGH | CVSS 8.8 | CWE-94 | fixed in 0.13.0 | 2026-01-16
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, a crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0.
nvd
CVE-2025-66580 | P3 | CRITICAL | CVSS 9.6 | CWE-94 | fixed in 0.11.1 | 2025-12-19
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary JavaScript via `javascript:`. An attacker can exploit thi
nvd