GHSA-CRH6-PJ8C-XRHC Open WebUI Allows Arbitrary File Write via the `/models/upload` Endpoint

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

Withdrawn Advisory: Dask Vulnerable to Command Injection

Withdrawn Advisory This advisory has been withdrawn because it describes intended functionality. This link is maintained to preserve external references. Original Description Dask versions =2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allow...

GHSA-XQGJ-R6XV-9CW4 Withdrawn Advisory: Dask Vulnerable to Command Injection

Withdrawn Advisory This advisory has been withdrawn because it describes intended functionality. This link is maintained to preserve external references. Original Description Dask versions =2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allow...

Malicious code in n11-web-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 635a6c33b57671f2fb87f2c61834328fccebe10874b03573fbacc4b04c495fb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-9880

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-9016

Rejected reason: REJECT DO NOT USE THIS CVE ID NUMBER. The Rejected CVE Record is a duplicate of CVE-2024-45595. Notes: All CVE users should reference CVE-2024-45595 instead of this CVE Record. All references and descriptions in this candidate have been removed to prevent accidental usage...

PYSEC-2025-10

A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVE-2024-7776

A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVE-2024-7776

A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVE-2024-7034

In open-webui version 0.3.8, the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of filepath = f"UPLOADDIR/file.filename" without proper input validation or sanitization. An attacker can...

CVE-2024-11039

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...

CVE-2024-11039

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...

CVE-2024-10096

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-7776

The CVE-2024-7776 issue affects the ONNX framework (onnx) in the download_model path, vulnerable in versions up to and including 1.16.1. The root cause is inadequate prevention of path traversal in tar files, allowing an attacker to overwrite arbitrary files in the user’s directory, with potentia...

CVE-2024-7776

A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVE-2024-7776 Arbitrary File Overwrite in onnx/onnx

A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVE-2024-7776 Arbitrary File Overwrite in onnx/onnx

A vulnerability in the downloadmodel function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVE-2024-11039

CVE-2024-11039 affects binary-husky/gpt_academic

CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...

CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...