Skip to content

msaad00/agent-bom

v0.88.4 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 8d Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-agents ai-security ai-supply-chain aibom blast-radius cloud-security
+14 more
compliance container-security cyclonedx security kubernetes llm-security mcp mcp-server owasp sarif sbom security-scanner supply-chain-security vulnerability-scanning

Affected surfaces

auth breaking_upgrade

Summary

AI summary

Updates deps, graph, and chore across a mixed release.

Full changelog

What's Changed

  • fix(compose): unblock first-run env rendering by @msaad00 in https://github.com/msaad00/agent-bom/pull/2777
  • typing(models): type agent metadata mapping by @msaad00 in https://github.com/msaad00/agent-bom/pull/2778
  • feat(auth): expose scope catalog by @msaad00 in https://github.com/msaad00/agent-bom/pull/2779
  • fix(graph): explain empty exposure paths by @msaad00 in https://github.com/msaad00/agent-bom/pull/2780
  • fix(audit): chain postgres rls bypass events by @msaad00 in https://github.com/msaad00/agent-bom/pull/2781
  • chore(deps): bump docker/login-action from 4.1.0 to 4.2.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2784
  • chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2786
  • chore(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0 by @dependabot[bot] in https://github.com/msaad00/agent-bom/pull/2785
  • chore: weekly uv.lock upgrade 2026-05-25 by @github-actions[bot] in https://github.com/msaad00/agent-bom/pull/2782
  • chore: sync MCP registry — 0 new, 7 versions, 0 CVE-enriched by @github-actions[bot] in https://github.com/msaad00/agent-bom/pull/2783
  • fix(registry): prefer official mcp sync source by @msaad00 in https://github.com/msaad00/agent-bom/pull/2787
  • fix(api): require middleware tenant context by @msaad00 in https://github.com/msaad00/agent-bom/pull/2788
  • feat(sdk): expand typescript control-plane client by @msaad00 in https://github.com/msaad00/agent-bom/pull/2789
  • docs(cloud): clarify posture and iac lanes by @msaad00 in https://github.com/msaad00/agent-bom/pull/2790
  • feat(evals): add control-plane evaluation runs by @msaad00 in https://github.com/msaad00/agent-bom/pull/2791
  • fix(graph): expose unified scan context graph by @msaad00 in https://github.com/msaad00/agent-bom/pull/2792
  • fix(prompts): emit unified prompt findings by @msaad00 in https://github.com/msaad00/agent-bom/pull/2793
  • chore(release): prepare v0.88.4 by @msaad00 in https://github.com/msaad00/agent-bom/pull/2794

Full Changelog: https://github.com/msaad00/agent-bom/compare/v0.88.3...v0.88.4

Security Fixes

  • Fix audit: chain PostgreSQL RLS bypass events to prevent unauthorized access
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track msaad00/agent-bom

Get notified when new releases ship.

Sign up free

About msaad00/agent-bom

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

All releases →

Related context

Beta — feedback welcome: [email protected]