letta-ai/letta

letta-ai/letta

Releases179

Frequency5 days 5 hours

Last Release 20 days ago

Stars23.1K

Letta is the platform for building stateful agents: AI with advanced memory that can learn and self-improve over time.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-51482 ↗	Jul 22, 2025Tuesday, 22 July 2025, 17:15	8.8 HIGH	—
Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions.
CVE-2025-6101 ↗	Jun 16, 2025Monday, 16 June 2025, 03:15	5.5 MEDIUM	5.2 MEDIUM
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated code. The exploit has been disclosed to the public and may be used.
CVE-2024-39025 ↗	Dec 27, 2024Friday, 27 December 2024, 20:15	7.5 HIGH	—
Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data.