U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2025-48491 Detail

Description

Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has been patched in the pre-beta version.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

Nist CVSS score does not match with CNA score
CNA:  GitHub, Inc.
CVSS-BT 2.7 LOW
Vector:  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://github.com/aryan6673/project-ai/commit/142252c43f1dacb3fed99e3336f5cd863b028bc2 GitHub, Inc.
https://github.com/aryan6673/project-ai/commit/1de910f353eb2a68c980149b906e7495459296ad GitHub, Inc.
https://github.com/aryan6673/project-ai/commit/54a69c3ccd301d35f3d54f4844d9910e609beb73 GitHub, Inc.
https://github.com/aryan6673/project-ai/commit/7f3b93f9aa9085d5413b4019172b0e56676346d7 GitHub, Inc.
https://github.com/aryan6673/project-ai/commit/8db90e3d9777850741804533ebde5824b4a5795c GitHub, Inc.
https://github.com/aryan6673/project-ai/commit/99e0e0718edb0e59c5d3c5a69903b87c69fcfe7a GitHub, Inc.
https://github.com/aryan6673/project-ai/commit/ab67979a46b0e343dc20a95a2b65d3c4994c31e7 GitHub, Inc.
https://github.com/aryan6673/project-ai/commit/c1fb156418d98a1e6c60bb680db57e9558785093 GitHub, Inc.
https://github.com/aryan6673/project-ai/security/advisories/GHSA-8486-vrcp-69rv GitHub, Inc.

Weakness Enumeration

CWE-ID CWE Name Source
CWE-798 Use of Hard-coded Credentials GitHub, Inc.  

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-48491
NVD Published Date:
05/30/2025
NVD Last Modified:
05/30/2025
Source:
GitHub, Inc.