mem0ai
PyPI4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting mem0aipage 1 of 1
- CVE-2026-31240HIGHCVSS 7.5EG 7.52026-05-12
vulnerable: 0.0.1 ... 1.0.0b0 (155 versions)
The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are exposed without any verification of the reque…
- CVE-2026-31241MEDIUMCVSS 6.5EG 6.52026-05-12
vulnerable: 0.0.1 ... 1.0.0b0 (155 versions)
The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by specifying arbitrary user identifiers (e.g…
- CVE-2026-31245MEDIUMCVSS 5.3EG 5.32026-05-12
vulnerable: 0.0.1 ... 1.0.0b0 (155 versions)
The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary memory records without verifying their identity or p…
- CVE-2026-7597MEDIUMCVSS 6.3EG 6.3✓ Fixed in 2.0.0b22026-05-01
vulnerable: 0.0.1 ... 2.0.0b1 (168 versions)
A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function pickle.load/pickle.dump of the file mem0/vector_stores/faiss.py. Performing a manipulation results in deserialization. It is possible to initiate the attack r…
Check whether mem0ai is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for mem0ai CVEs against the assets you own.
Start Free Scan →