huntr: comfyanonymous/comfyui

comfyanonymous / comfyui

The most powerful and modular diffusion model GUI, api and backend with a graph/nodes interface.

Submit a report

FIRST INTERACTION

WITHINN/A DAYS

REVIEW

WITHIN34 DAYS

FIX

WITHINN/A DAYS

comfyanonymous

Deserializing unsafe data in comfyui leads to RCE

Feb 13th 2025

duplicate

Critical

comfyanonymous

Feb 21st 2025

pending

comfyanonymous

SSRF via POST /internal/models/download and GET /view REST APIs

Jan 21st 2025

High

•$450

High

•$450•CVE-2024-12882

comfyanonymous

Cross-Site Request Forgery to XSS at workflow

Dec 19th 2024

srivallikusumba•

duplicate

High

comfyanonymous

Cross-Site Request Forgery to XSS

Dec 18th 2024

srivallikusumba•

duplicate

High

comfyanonymous

RCE via pickle deserialization (unpickling)

Oct 21st 2024

informative

High

comfyanonymous

Denial of service via CSRF

Dec 15th 2024

duplicate

Medium

comfyanonymous

Default CORS settings leads to sensitive data exfiltration

Oct 28th 2024

informative

Medium

comfyanonymous

Unrestricted Upload of File with Dangerous Type

Oct 28th 2024

duplicate

Critical

comfyanonymous

CSRF allows for requests on behalf of authenticated users

Dec 14th 2024

Medium

Medium

•CVE-2024-10481

comfyanonymous

XSS through viewing HTML files with /view

Sep 14th 2024

Medium

Medium

•CVE-2024-10099

comfyanonymous

Race Condition Vulnerability: Concurrent File Overwrite Leading to Data Integrit...

Oct 21st 2024

informative

Medium

comfyanonymous

Delete any file on the system

Sep 13th 2024

hainguyen0207•

self closed

comfyanonymous

Path Traversal in API `/userdata/{file}

Nov 26th 2024

not applicable

comfyanonymous

Sep 13th 2024

self closed

CRITICAL

$0

HIGH

$0

MEDIUM

$0

LOW

$0