Security Advisories
Nixer Security Advisories
Independent vulnerability research from the Nixer security team. Each advisory includes technical details, affected versions, CVSS scores, and remediation steps.
2
Critical
3
High
5
Total
| ID | Published | Advisory | Project | Severity | CVSS | Category | Status |
|---|---|---|---|---|---|---|---|
| NIXER-2026-0001 | Jun 1, 2026 | AutoGPT: Unvalidated Tool Call Chain |
AutoGPT
Significant-Gravitas/AutoGPT
|
Critical | 9.1 | Prompt Injection | Patched |
| NIXER-2026-0002 | Jun 1, 2026 | LangChain: Serialization Injection (CVE-2025-68664) |
langchain
langchain-ai/langchain
|
Critical | 9.8 | Supply Chain | Patched |
| NIXER-2026-0003 | Jun 1, 2026 | crewAI: Docker Fallback Vulnerability (CVE-2026-2287) |
crewAI
joaomdmoura/crewAI
|
High | 8.2 | Supply Chain | Patched |
| NIXER-2026-0004 | Jun 1, 2026 | gpt-researcher: Unauthenticated RAG + MCP |
gpt-researcher
assafelovic/gpt-researcher
|
High | 7.5 | MCP | Disclosed |
| NIXER-2026-0005 | Jun 1, 2026 | gpt-pilot: Prompt Injection + MCP Tool Sprawl |
gpt-pilot
Pythagora-io/gpt-pilot
|
High | 7.2 | Prompt Injection | Disclosed |
Run your own security scan
Find vulnerabilities in your own repos before attackers do. Free scan in under 60 seconds.
Scan your repo free →