7 matches found
EUVD-2025-7080
Malicious code in bioql PyPI...
CVE-2024-8769
A vulnerability in the LockManager.release_locks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The run_hash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...
Aim path traversal in LockManager.release_locks
A vulnerability in the LockManager.release_locks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The run_hash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...
CVE-2024-37680
CVE-2024-37680 affects Hangzhou Meisoft Information Technology Co.’s FineSoft
GHSA-2GGP-CMVM-F62F ScanCode.io command injection in docker image fetch process
Command Injection in docker fetch process. Summary: A possible command injection in the docker fetch process, as it allows appending malicious commands in the docker_reference parameter. Details: In the function scanpipe/pipes/fetch.py:fetch_docker_image the parameter docker_reference is user...
Orangescrum Path Traversal Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a path traversal vulnerability that stems from the application using an uncleaned attacker-controllable parameter to construct...
PYSEC-2019-124
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...