13 matches found
EUVD-2023-31326
Malicious code in bioql PyPI...
EUVD-2022-28535
Malicious code in bioql PyPI...
CVE-2023-27578
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...
CVE-2023-42812
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious entity to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a...
PYSEC-2024-272
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger JavaScript execution upon edit operation. All...
CVE-2024-42346 Stored Cross Site Scripting (Stored XSS) in Galaxy
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger JavaScript execution upon edit operation. All...
Galaxy cross-site scripting vulnerability
Galaxy is an open source platform for FAIR data analysis open-sourced by the Galaxy Project. A cross-site scripting vulnerability exists in Galaxy versions prior to 24.1.1, which stems from an attacker being able to trick a user into executing arbitrary javascript code when the user is visually...
Galaxy information disclosure vulnerability
Galaxy is an open source platform for FAIR data analysis open-sourced by the Galaxy Project. An information disclosure vulnerability exists in versions of Galaxy prior to 21.05 that stems from an attacker being able to replace the contents of a public dataset, which could result in data loss or...
PT-2023-28599 · Galaxy · Galaxy
Name of the Vulnerable Software and Affected Versions: Galaxy versions prior to 22.05 Description: Galaxy is an open-source platform for FAIR data analysis. It is vulnerable to server-side request forgery, which allows a malicious entity to issue arbitrary HTTP/HTTPS requests from the application...
Design/Logic Flaw
Galaxy is an open-source platform for data analysis. All supported versions of Galaxy prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to thi...
Galaxy security vulnerability
Galaxy is an open source platform for FAIR data analysis open-sourced by the Galaxy Project. A security vulnerability exists in Galaxy versions 22.01, 22.05, and all versions prior to 23.0, which stems from the ability to modify a page/visualization without authorization due to insufficient...
CVE-2022-23470 Arbitrary file access in the Galaxy data analysis platform
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...
CVE-2022-23470 Arbitrary file access in the Galaxy data analysis platform
Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...