42 matches found
CVE-2026-55092
Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...
CVE-2026-42099 Race Condition in Sparx Pro Cloud Server
Sparx Pro Cloud Server is vulnerable to a Race Condition in the /dataapi/dlinternalartifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves loaded content in current location DIR under the specified name. An attacker with repository access...
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400 Author: wa6n3r | GitHubhttps://github...
PYSEC-2026-94
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to...
CVE-2026-33866 Authorization Bypass in MLflow AJAX Endpoint
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to...
EUVD-2024-3409
Malicious code in bioql PyPI...
EUVD-2022-34759
Malicious code in bioql PyPI...
EUVD-2022-1024
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-2501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacke...
CVE-2022-2501
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...
CVE-2025-32953
z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...
CVE-2025-32953 z80pack Vulnerable to Exposure of the GITHUB_TOKEN in Workflow Run Artifact
z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...
CBL Mariner 2.0 Security Update: gh (CVE-2024-54132)
The version of gh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-54132 advisory. - The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CL...
Directory Traversal
The github.com/cli/cli is vulnerable to a Directory Traversal. The vulnerability is due to improper handling of artifact names during download when using the gh run download command. Specifically, if a malicious GitHub Actions workflow artifact is named .., the files within the artifact are...
GHSA-2M9H-R57G-45PJ Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Summary A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. Details This vulnerability stems from a GitHub Actions workflow artifact name...
PT-2024-9531
Name of the Vulnerable Software and Affected Versions GitHub CLI versions prior to 2.63.1 Description A security issue has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run...
Incorrect delegation lookups can make go-tuf download the wrong artifact
During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the...
GO-2022-0600 HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad
HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad...
Important: apache-ivy
Issue Overview: When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which ar...
GHSA-GQJ2-324P-VX73 Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Microcks up to version 1.17.1 was discovered to contain a Server-Side Request Forgery SSRF via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...