Exploit for CVE-2024-12029

Alternative-Approach-Reverse-Shell-Callback-Test-InvokeAI-RCE...

Path Traversal

invokeai is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of filename/path parameters due to the GET /api/v1/images/download/bulkdownloaditemname endpoint accepting user-controlled paths without canonicalization or sanitization. An an attacker can craft request...

EUVD-2025-29906

Malicious code in bioql PyPI...

CVE-2025-6237

A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/bulkdownloaditemname endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including...

GHSA-VV9C-XXG7-WMV7 InvokeAI has External Control of File Name or Path

Path Traversal Vulnerability in InvokeAI A path traversal vulnerability in InvokeAI versions 6.7.0 allows an unauthenticated remote attacker to read files outside the intended media directory via the bulk downloads API. The endpoint accepts a user-controlled file/item name and concatenates it int...

External Control of File Name or Path

Overview InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process Affected versions of this package are vulnerable to External Control of File Name or Path via the GET /api/v1/images/download/bulkdownloaditemname...

InvokeAI has External Control of File Name or Path

Path Traversal Vulnerability in InvokeAI A path traversal vulnerability in InvokeAI versions 6.7.0 allows an unauthenticated remote attacker to read files outside the intended media directory via the bulk downloads API. The endpoint accepts a user-controlled file/item name and concatenates it int...

CVE-2025-6237

A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/bulkdownloaditemname endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including...

CVE-2025-6237

InvokeAI (versions

CVE-2025-6237 Path Traversal and Arbitrary File Deletion in invoke-ai/invokeai

A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/bulkdownloaditemname endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including...

CVE-2025-6237 Path Traversal and Arbitrary File Deletion in invoke-ai/invokeai

A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/bulkdownloaditemname endpoint. By manipulating the filename arguments, attackers can read and delete any files on the server, including...

Invoke 安全漏洞

Invoke is a leading creative engine for stabilizing diffusion models open-sourced by InvokeAI. A security vulnerability exists in Invoke v6.0.0a1 and earlier versions, which stems from the GET /api/v1/images/download/bulkdownloaditemname endpoint that does not properly handle the filename...

PT-2025-38303

Name of the Vulnerable Software and Affected Versions invokeai versions v6.0.0a1 and below Description A vulnerability allows attackers to perform path traversal and arbitrary file deletion. This is achieved via the GET /api/v1/images/download/bulk download item name endpoint by manipulating the...

Remote Code Execution (RCE)

InvokeAI is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization using torch.load without proper validation in the /api/v2/models/install API, allowing attackers to execute arbitrary code by embedding malicious code in model files...

InvokeAI Deserialization of Untrusted Data vulnerability

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...

GHSA-MCRP-WHPW-JP68 InvokeAI Deserialization of Untrusted Data vulnerability

A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious cod...

Deserialization of Untrusted Data

Overview InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the /api/v2/models/install API. An attacker can execute...

Directory Traversal

Overview InvokeAI is an An implementation of Stable Diffusion which provides various new features and options to aid the image generation process Affected versions of this package are vulnerable to Directory Traversal through the web API POST /api/v1/images/delete. An attacker can delete arbitrar...

InvokeAI Arbitrary File Deletion vulnerability

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

GHSA-FFH5-W482-C7M5 InvokeAI Uncontrolled Resource Consumption vulnerability

A Denial of Service DoS vulnerability was discovered in the /api/v1/boards/boardid endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the boardname field during a PATCH request. By sending a large payload, the UI becomes...