Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: crewai

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-2287
updated 1 month ago by @mweinelt Activity log
  • Created suggestion 1 month ago
  • @mweinelt ignored
    5 packages
    • pkgsRocm.crewai
    • python312Packages.crewai
    • python313Packages.crewai
    • python314Packages.crewai
    • pkgsRocm.python3Packages.crewai
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
CVE-2026-2287

CrewAI does not properly check that Docker is still running during runtime, and will fall back to a sandbox setting that allows for RCE exploitation.

Affected products

CrewAI
  • ==1.0

Matching in nixpkgs

pkgs.crewai

Framework for orchestrating role-playing, autonomous AI agents

Ignored packages (5)

Package maintainers

https://www.kb.cert.org/vuls/id/221883
Permalink CVE-2026-2286
updated 1 month ago by @mweinelt Activity log
  • Created suggestion 1 month ago
  • @mweinelt ignored
    5 packages
    • pkgsRocm.crewai
    • python312Packages.crewai
    • python313Packages.crewai
    • python314Packages.crewai
    • pkgsRocm.python3Packages.crewai
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
CVE-2026-2286

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.

Affected products

CrewAI
  • ==1.0

Matching in nixpkgs

pkgs.crewai

Framework for orchestrating role-playing, autonomous AI agents

Ignored packages (5)

Package maintainers

https://www.kb.cert.org/vuls/id/221883
Permalink CVE-2026-2285
updated 1 month ago by @mweinelt Activity log
  • Created suggestion 1 month ago
  • @mweinelt ignored
    5 packages
    • pkgsRocm.crewai
    • python312Packages.crewai
    • python313Packages.crewai
    • python314Packages.crewai
    • pkgsRocm.python3Packages.crewai
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
CVE-2026-2285

CrewAI contains a arbitrary local file read vulnerability in the JSON loader tool that reads files without path validation, enabling access to files on the server.

Affected products

CrewAI
  • ==1.0

Matching in nixpkgs

pkgs.crewai

Framework for orchestrating role-playing, autonomous AI agents

Ignored packages (5)

Package maintainers

https://www.kb.cert.org/vuls/id/221883
Permalink CVE-2026-2275
updated 1 month ago by @mweinelt Activity log
  • Created suggestion 1 month ago
  • @mweinelt ignored
    5 packages
    • pkgsRocm.python3Packages.crewai
    • python314Packages.crewai
    • python313Packages.crewai
    • python312Packages.crewai
    • pkgsRocm.crewai
    1 month ago
  • @mweinelt accepted 1 month ago
  • @mweinelt published on GitHub 1 month ago
CVE-2026-2275

The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach Docker, which can enable RCE through arbitrary C function calling.

Affected products

CrewAI
  • ==1.0

Matching in nixpkgs

pkgs.crewai

Framework for orchestrating role-playing, autonomous AI agents

Ignored packages (5)

Package maintainers

https://www.kb.cert.org/vuls/id/221883