33 matches found
Directory Traversal
ComposioHQ is vulnerable to Directory Traversal. The vulnerability is due to improper path validation in the downloadfileordir function, which allows an attacker to manipulate file paths and access sensitive files or directories on the system...
CVE-2025-56427
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the downloadfileordir function...
ComposioHQ has a directory traversal vulnerability
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the downloadfileordir function...
GHSA-3MWV-J45G-VP3W ComposioHQ has a directory traversal vulnerability
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the downloadfileordir function...
PT-2025-49045
Name of the Vulnerable Software and Affected Versions: ComposioHQ version 0.7.20. Description: A directory traversal issue exists in ComposioHQ version 0.7.20. This allows a remote attacker to potentially access sensitive information through the download file or dir function. The issue involves...
EUVD-2025-201168
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the downloadfileordir function...
CVE-2025-56427
A directory traversal vulnerability affects ComposioHQ v0.7.20, allowing remote attackers to disclose sensitive information via the _download_file_or_dir function. The issue is consistently described across multiple feeds (Red Hat, GHSA, OSS feeds) as path traversal enabling access to files outsi...
EUVD-2024-2838
Malicious code in bioql PyPI...
EUVD-2025-6889
Malicious code in bioql PyPI...
CVE-2024-8955
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...
CVE-2024-8954
In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...
CVE-2024-8958 Unrestricted File Write and Read in composiohq/composio
In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...
CVE-2024-8952 SSRF in composiohq/composio
A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...
CVE-2024-8953
CVE-2024-8953 affects composiohq/composio 0.4.3, where the mathematical_calculator endpoint uses the unsafe eval() function, enabling arbitrary code execution with untrusted input. Multiple connected sources confirm the issue and its impact (potential for code execution, high/severe impact). Reme...
CVE-2024-8953 Unsafe eval usage in composiohq/composio
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...