230 matches found
Insecure Temporary File Usage
llama-index-core is vulnerable to Insecure Temporary File Usage. The vulnerability is due to the use of a predictable hardcoded cache directory /tmp/llamaindex in getcachedir, where attackers on multi-user Linux systems can steal cached model data, poison embeddings, or exploit symlink race...
SUSE CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the com.docker.compose.extends or com.docker.compose.envfile annotations in remote OCI artifact layers. An attacker can escape the intended cache directory and overwrite arbitrary files on the host system by...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the com.docker.compose.extends or com.docker.compose.envfile annotations in remote OCI artifact layers. An attacker can escape the intended cache directory and overwrite arbitrary files on the host system by...
CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
UBUNTU-CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
CVE-2025-62725
CVE-2025-62725 affects Docker Compose when resolving remote OCI artifacts. The vulnerability arises from path handling of annotations in OCI layers (com.docker.compose.file and com.docker.compose.envfile), where Docker Compose joins attacker-controlled paths with its local cache directory without...
CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
GHSA-GV8H-7V7W-R22Q Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
PT-2025-44043
Name of the Vulnerable Software and Affected Versions Docker Compose versions prior to 2.40.2 Description Docker Compose is affected by a path traversal flaw stemming from improper restriction of path names to accessible directories. This issue allows a remote attacker to overwrite arbitrary file...
EUVD-2025-34071
llama-index has Insecure Temporary File...
CVE-2025-7707 World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index
The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...
EUVD-2018-15774
Malware in sbrugna...
EUVD-2005-2658
Malware in sbrugna...
EUVD-2017-14501
Malware in sbrugna...
EUVD-2018-4894
Malware in sbrugna...
EUVD-2024-54682
Malicious code in bioql PyPI...
EUVD-2023-0231
Malicious code in bioql PyPI...