4559 matches found
PT-2025-14858 · Acme.Sh · Acme.Sh
Name of the Vulnerable Software and Affected Versions: acme.sh versions prior to 40b6db6 Description: The issue concerns a Docker image of acme.sh that is based on a .github/workflows/dockerhub.yml file. This file lacks the "persist-credentials: false" setting for actions/checkout, which may lead...
CVE-2025-31479 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...
Deserialization Of Untrusted Data
com.aizuda, snail-job is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper input validation of the nodeExpression argument in the getRuntime function of the Workflow-Task Management Module, allowing an attacker to execute arbitrary code remotely...
get-workflow-version-action 日志信息泄露漏洞
get-workflow-version-action is a Canonical open source tool. A log information disclosure vulnerability exists in get-workflow-version-action versions prior to 1.0.1, which stems from the fact that the exception output may contain GITHUBTOKEN, which could lead to information disclosure...
MD5 Hash Collisions
sagemaker is vulnerable to MD5 Hash Collisions. The vulnerability is due to weak hashing in workflow identification due to the reuse of results from different configurations that produce the same MD5 hash, potentially leading to unintended workflow replacements and integrity issues...
Exploit for CVE-2025-1097
Exploit for Ingress NGINX - IngressNightmare This project pr...
Path Traversal
agentscope is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the save-workflow and load-workflow functionality, allowing an attacker to read and write arbitrary JSON files on the filesystem...
Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager
Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...
Security Bulletin: Path traversal vulnerability affects IBM Business Monitor - CVE-2022-43864
Summary IBM Business Monitor is vulnerable to a Path Traversal attack in the Business Space component. Vulnerability Details CVEID:CVE-2022-43864 DESCRIPTION: IBM Business Automation Workflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially...
GHSA-4M5H-5V4Q-4XGQ aizuda snail-job Vulnerable to Deserialization via `nodeExpression` Argument
A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to...
CVE-2025-2622
A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to...
CVE-2025-2622 aizuda snail-job Workflow-Task Management Module check-node-expression getRuntime deserialization
A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to...
CVE-2025-2622 aizuda snail-job Workflow-Task Management Module check-node-expression getRuntime deserialization
A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to...
CVE-2025-0508
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...
CVE-2025-30154
reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...
Expected Behavior Violation
Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Expected Behavior Violation via to the utilities.py component. An attacker can cause integrity problems within the pipeline, potentially leading ...
GHSA-32G6-MG92-GHM2 SageMaker Workflow component allows possibility of MD5 hash collisions
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...
SageMaker Workflow component allows possibility of MD5 hash collisions
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...
Directory Traversal
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the /delete-workflow endpoint. An attacker can delete arbitrary files from the filesystem by manipulating file paths to access...
Relative Path Traversal
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Relative Path Traversal through the save-workflow functionality. An attacker can write arbitrary JSON files on the filesystem by exploiting this vulnerability. PoC...