geekan / metagpt
Project repository
🌟 The Multi-Agent Framework: First AI Software Company, Towards Natural Language Programming
First interaction within N/A days
Review within 35 days
Fix within N/A days
Unsafe eval() on LLM Output in action_node.py Enables Remote Code Execution via... • Mar 19th 2026 • mom3gool2030 • duplicate • None
The Programmer component contains a remote code execution vulnerability that can... • Jan 3rd 2026 • ka7arotto • duplicate • Critical
MetaGPT Has Blacklist bypass RCE • Apr 2nd 2026 • to-be-w1th0ut • pending
metagpt Has Unsafe Dynamic Function Invocation • Apr 2nd 2026 • to-be-w1th0ut • pending
MetaGPT has a path traversal vulnerability • Apr 2nd 2026 • to-be-w1th0ut • pending
MetaGPT has exec() for remote code execution (via web UI) • Apr 2nd 2026 • to-be-w1th0ut • pending
MetaGPT has eval() remote code execution • Apr 2nd 2026 • to-be-w1th0ut • pending
Remote Code Execution (RCE) via insecure eval() in ActionNode.xml_fill • Mar 16th 2026 • 0xamino • pending
Insecure Use of `pull_request_target` with Untrusted PR Checkout in GitHub Actio... • Sep 17th 2024 • arunstar • informative • Critical
Command injection in rebuild_class_views • Oct 9th 2024 • zhcy2018 • informative • High
Zipslip when parsing invoice zip file via InvoiceOCRAssistant • Jul 22nd 2024 • sunrisexu • informative • High
Command Injection Vulnerability in MetaGPT Minecraft Integration • Jul 3rd 2024 • piyush-bhor • not applicable
Code Injection in metagpt.strategy.tot in geekan/metagpt • May 13th 2024 • yuligesec • informative • Critical
RCE in DataInterpreter • Jun 10th 2024 • d4rkd0g • informative • Critical
Code Injection via the load() Function of the Message Class • May 8th 2024 • williwollo • informative • High
Remote code execution caused by prompt injection. • Apr 29th 2024 • lyutoon • informative • Critical
CRITICAL $0
HIGH $0
MEDIUM $0
LOW $0