← Back

Mage Ai

mage-ai

Vendor: Mage • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-45190
1Mage
1Mage Ai
Oct 10, 2025
Aug 23, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request
CVE-2024-45189
1Mage
1Mage Ai
Nov 25, 2024
Aug 23, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request
CVE-2024-45188
1Mage
1Mage Ai
Oct 10, 2025
Aug 23, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request
CVE-2024-45187
1Mage
1Mage Ai
Oct 10, 2025
Aug 23, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI termi...Show more
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal serverShow less
CVE-2024-8072
1Mage
1Mage Ai
Oct 10, 2025
Aug 22, 2024
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
CVE-2023-31143
1Mage
1Mage Ai
Nov 21, 2024
May 9, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. T...Show more
mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.Show less