Every CVE whose affected-product data names Mage Mage-ai, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-45187 — CVSS 7.1 (high): Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and…
CVE-2024-45188 — CVSS 6.5 (medium): Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File…
CVE-2024-45189 — CVSS 6.5 (medium): Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git…
CVE-2024-45190 — CVSS 6.5 (medium): Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline…
CVE-2023-31143 — CVSS 5.9 (medium): mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior…
CVE-2024-8072 — CVSS 5.3 (medium): Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users