AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 22 of 23
Current
Severity CVE CVSS
MEDIUM GHSA-qh2f-99mv-mrcf -
HIGH GHSA-xww8-gqvh-92x9 8.0
HIGH GHSA-p73f-w79w-jqr5 -
HIGH GHSA-j472-gf56-x589 -
HIGH GHSA-77q5-rr5v-x43q -
HIGH GHSA-w5ww-7chg-mxcq -
MEDIUM GHSA-4m3v-q747-pc6h -
MEDIUM GHSA-275c-xpvc-jgfw -
LOW GHSA-3wqp-prf6-2m72 3.1
MEDIUM GHSA-77pv-3w4q-vrj5 -
HIGH GHSA-xr4f-mjxj-w6w5 8.3
MEDIUM GHSA-hcm3-8f6r-6xwg 6.5
CRITICAL GHSA-w4v6-g3wm-w36c -
MEDIUM GHSA-gp79-m99v-gjmh -
HIGH GHSA-c29c-2q9c-pc86 -
MEDIUM GHSA-cqwv-9qjx-vxw2 5.3
HIGH GHSA-jvm4-4j77-39p6 -
HIGH GHSA-83w9-h5wv-j9xm -
MEDIUM GHSA-wv26-j37q-2g7p -
MEDIUM GHSA-p2fh-f5fc-44hr 6.5

Page 22 of 23