EUVD-2025-6893

Malicious code in bioql PyPI...

CVE-2022-43691

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information secrets in environment variables and server information when Debug Mode is left on in production...

CVE-2024-8238

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

GHSA-R229-5WGF-F28G Aim Improper Access Control

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

Aim Improper Access Control

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

Access Control Bypass

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Access Control Bypass due to the use of an outdated safergetattr function from RestrictedPython which fails to block the str.formatmap method. An attacker can leak...

CVE-2024-8238

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

CVE-2024-8238 Unrestricted Code Execution in aimhubio/aim

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

CVE-2024-8238 Unrestricted Code Execution in aimhubio/aim

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safergetattr function from RestrictedPython. This version does not protect against the str.formatmap method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

CVE-2022-43691

Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 inadvertently disclose server-side sensitive information secrets in environment variables and server information when Debug Mode is left on in production...