4559 matches found
GHSA-J9RW-QM5F-R8XM AgentScope path traversal vulnerability in save-workflow
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...
AgentScope path traversal vulnerability in save-workflow
A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...
CVE-2025-0508
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...
CVE-2025-0508
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...
CVE-2024-9096
In lunary-ai/lunary version 1.4.28, the /checklists/:id route allows low-privilege users to modify checklists by sending a PATCH request. The route lacks proper access control, such as middleware to ensure that only authorized users e.g., project owners or admins can modify checklist data. This...
CVE-2024-8537
A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...
CVE-2024-8156
A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...
CVE-2024-8156
A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...
CVE-2025-0508 MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...
CVE-2025-0508 MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...
CVE-2025-0508
CVE-2025-0508 affects the SageMaker Workflow component in aws/sagemaker-python-sdk, with MD5 hash collisions across all versions leading to potential workflow replacements and integrity issues in pipelines. The issue is documented across multiple feeds (including Red Hat, OSV, circl, and CVE list...
CVE-2024-8156 Command Injection in significant-gravitas/autogpt
A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...
CVE-2024-8156 Command Injection in significant-gravitas/autogpt
A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...
CVE-2024-8156
CVE-2024-8156 describes a command injection in the workflow-checker.yml of significant-gravitas/autogpt. The vulnerability arises from insecure use of untrusted input github.head.ref, allowing an attacker to inject arbitrary commands. Affected: significant-gravitas/autogpt, all versions up to the...
AutoGPT 安全漏洞
AutoGPT is a tool from AutoGPT Open Source. It is used to enable everyone to use and build accessible AI. AutoGPT suffers from a security vulnerability that stems from the presence of command injection in the workflow-checker.yml workflow, which allows an attacker to inject arbitrary commands by...
PT-2025-12221 · Significant Gravitas · Autogpt
Name of the Vulnerable Software and Affected Versions: significant-gravitas/autogpt versions up to and including the latest version Description: A command injection issue exists due to the insecure use of untrusted user input github.head.ref in the workflow-checker.yml workflow. This allows an...
PT-2025-12236
Name of the Vulnerable Software and Affected Versions modelscope/agentscope versions prior to the fix Description A path traversal vulnerability exists in the save-workflow and load-workflow functionality. This vulnerability allows an attacker to read and write arbitrary JSON files on the...
AgentScope 安全漏洞
AgentScope is a ModelScope open source application. Build LLM-based multi-intelligence applications more simply. AgentScope has a security vulnerability that stems from the existence of path traversal in the save-workflow and load-workflow functions, which allows an attacker to read and write...
AgentScope 安全漏洞
AgentScope is a ModelScope open source application. Build LLM-based multi-intelligence applications more simply. A security vulnerability exists in AgentScope that stems from the presence of path traversal in the /delete-workflow endpoint, which allows an attacker to delete arbitrary files in the...
sagemaker-python-sdk 安全漏洞
sagemaker-python-sdk is an Amazon Web Services open source library for training and deploying machine learning models on Amazon SageMaker. A security vulnerability exists in sagemaker-python-sdk that stems from an MD5 hash collision in the SageMaker Workflow component that could result in workflo...