Browse all 5 CVE security advisories affecting galaxyproject. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Galaxyproject is an open-source platform for scientific workflow management and data analysis, primarily used in bioinformatics and research communities. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. The project has addressed these through regular security patches and improved documentation. While no major public security incidents have been widely reported, the presence of five CVEs indicates ongoing security challenges typical of web-based scientific tools that handle sensitive research data and enable complex computational workflows.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-42351 | Possible Data Tampering & Loss of Public Datasets in Galaxy — galaxy (CWE-200) | 6.5 | Medium | 2024-09-20 |
| CVE-2024-42346 | Stored Cross Site Scripting (Stored XSS) in Galaxy — galaxy (CWE-79) | 7.6 | High | 2024-09-20 |
| CVE-2023-42812 | Galaxy vulnerable to Server Side Request Forgery during data imports — galaxy (CWE-918) | 6.3 | Medium | 2023-09-22 |
| CVE-2023-27578 | Galaxy vulnerable to unauthorized modification of pages/visualizations due to insufficient permission check — galaxy (CWE-284) | 9.1 | Critical | 2023-03-20 |
| CVE-2022-23470 | Arbitrary file access in the Galaxy data analysis platform — galaxy (CWE-22) | 8.6 | High | 2022-12-06 |

This page lists every published CVE security advisory associated with galaxyproject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.