Please email disclosures@daily.co.
Security: pipecat-ai/pipecat
Security
SECURITY.md
-
Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SIDGHSA-j8cv-x86q-rj85 published
Jun 17, 2026 by markbackmanHigh -
Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded SeparatorGHSA-3363-2ph6-35wh published
May 15, 2026 by markbackmanHigh -
Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer in pipecat-ai/pipecatGHSA-c2jg-5cp7-6wc7 published
Apr 23, 2026 by markbackmanCritical
Learn more about advisories related to pipecat-ai/pipecat in the GitHub Advisory Database