GHSA-CRC3-H8V6-QH57 GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

Summary A security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. Details The vulnerability stems from the way GitHub CLI handles raw Actions log...

EUVD-2026-30549

GitHub CLI: GitHub Actions log output in gh run view allows terminal escape sequence injection...

CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

CVE-2026-45803

GitHub CLI (gh) vulnerability: from v1.6.0 to before v2.92.0, terminal escape sequences could be injected via workflow logs when using gh run view --log or --log-failed, due to unsanitized raw log output. An attacker controlling Actions logs (e.g., PR-triggered workflows) could cause terminal man...

Eval Injection

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Eval Injection via the runView function in the view filter mechanism, where user-controlled input is evaluated without proper sanitization. An attacker can execute arbitrary JavaScript code on t...

Arbitrary Code Injection

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Arbitrary Code Injection through the RestrictedPythonQuery class. An attacker can manipulate the argument Query to bypass sandbox restrictions by leveraging the...

GHSA-GP5H-F9C5-8355 Aim Vulnerable to Sandbox Escape Leading to Remote Code Execution

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component runview Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be...

Aim 安全漏洞

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. Aim 3.29.1 and earlier versions have a security vulnerability that stems from improper handling of the Query parameter in the runview Object Handler component, which could lead to sandboxing issues...

Aim Web API vulnerable to Remote Code Execution

A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...

CVE-2024-2195

A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...