composio-core
PyPI | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting composio-core (page 1 of 1)
- CVE-2024-8864 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-09-15
vulnerable: 0.1.100 ... 0.5.6 (126 versions)
A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipul…
- CVE-2024-8865 | LOW | CVSS 3.5 | EG 3.5 | 2024-09-15
vulnerable: 0.1.100 ... 0.5.8 (128 versions)
A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The …
- CVE-2024-8953 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 0.5.43 | 2025-03-20
vulnerable: 0.1.100 ... 0.5.9 (162 versions)
In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval() function.