Significant-Gravitas Autogpt vulnerabilities
8 known vulnerabilities affecting significant-gravitas/significant-gravitas_autogpt.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 4, MEDIUM 1
Vulnerabilities
CVE-2024-1881 | Priority: P2 | Severity: CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 5.1.0 | Date: 2024-06-06
CWE-78 (OS Command Injection)
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's me
Source: nvd
CVE-2024-8156 | Priority: P2 | Severity: CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 0.5.1 | Date: 2025-03-20
CWE-77 (Command Injection)
A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input `github.head.ref` is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version. An attacker can exploit this by creating a branch n
Source: nvd
CVE-2025-1040 | Priority: P2 | Severity: HIGH | CVSS 8.8 | Affected: ≥ unspecified, < v0.4.0 | Date: 2025-03-20
CWE-1336 (Server-Side Template Injection)
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate securi
Source: nvd
CVE-2024-6091 | Priority: P3 | Severity: CRITICAL | CVSS 9.8 | Affected: ≥ unspecified, < 0.5.1 | Date: 2024-09-11
CWE-78 (OS Command Injection)
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, such as '/bin/./whoami
Source: nvd
CVE-2024-1879 | Priority: P3 | Severity: HIGH | CVSS 8.8 | Affected: ≥ unspecified, < 5.1 | Date: 2024-06-06
CWE-352 (Cross-Site Request Forgery)
A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious
Source: nvd
CVE-2024-1880 | Priority: P3 | Severity: HIGH | CVSS 7.8 | Affected: ≥ unspecified, < 5.1.0 | Date: 2024-06-06
CWE-78 (OS Command Injection)
An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the `_speech` method of the MacOSTTS class. Specifically, the use of `os.system` to
Source: nvd
CVE-2025-0454 | Priority: P3 | Severity: HIGH | CVSS 7.5 | Affected: ≥ unspecified, < v0.4.0 | Date: 2025-03-20
CWE-918 (Server-Side Request Forgery)
A Server-Side Request Forgery (SSRF) vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the `urlparse` function from the `urllib.parse` library and the `requests` library. A malicious user can exploit this by submitting a specially cr
Source: nvd
CVE-2024-10457 | Priority: P3 | Severity: MEDIUM | CVSS 6.5 | Affected: ≥ unspecified, < autogpt-platform-beta-v0.2.1 | Date: 2025-03-20
CWE-918 (Server-Side Request Forgery)
Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled by untrusted sources, leading to potential credenti
Source: nvd