0.18.0
1 months ago
3 days ago
Known vulnerabilities in the hermes-agent package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
hermes-agent is a The self-improving AI agent — creates skills from experience, improves them during use, and runs anywhere Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in the How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade | [,0.15.0) |
hermes-agent is a The self-improving AI agent — creates skills from experience, improves them during use, and runs anywhere Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade | [,0.15.0) |
hermes-agent is a The self-improving AI agent — creates skills from experience, improves them during use, and runs anywhere Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the handling of WebSocket upgrade requests on How to fix Missing Authentication for Critical Function? Upgrade | [,0.16.0) |
hermes-agent is a The self-improving AI agent — creates skills from experience, improves them during use, and runs anywhere Affected versions of this package are vulnerable to Incorrect Default Permissions due to the creation of How to fix Incorrect Default Permissions? Upgrade | [,0.16.0) |