Tchen200311

#10621of 53,625
26Total CVSS
Vulnerabilities · 4
Medium
4
PT-2026-45183
6.5
2026-05-31
Aider · Aider · CVE-2026-10174
**Name of the Vulnerable Software and Affected Versions** Aider-AI Aider version 0.86.3 **Description** A remote code execution issue exists within the Pre-commit Hook Handler component in the file `aider/args.py`. Manipulation of the `git-commit-verify` argument leads to a failure of the protection mechanism, allowing the attack to be launched remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-45184
6.5
2026-05-31
Aider · Aider · CVE-2026-10175
**Name of the Vulnerable Software and Affected Versions** Aider-AI Aider version 0.86.3 **Description** A security flaw in the Architect Mode component allows for remote code injection. The issue resides within the `editor coder.run()` function located in the `auth.py` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `editor coder.run()` function within the Architect Mode component.
PT-2026-45186
6.5
2026-05-31
Aider · Aider · CVE-2026-10176
**Name of the Vulnerable Software and Affected Versions** Aider-AI Aider version 0.86.3 **Description** A weakness in the Code Generation Workflow component allows for remote SQL injection, which occurs when an attacker executes a specific manipulation. SQL injection is a type of attack where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to or manipulation of the database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-45187
6.5
2026-05-31
Aider · Aider · CVE-2026-10177
**Name of the Vulnerable Software and Affected Versions** Aider-AI Aider version 0.86.3 **Description** A server-side request forgery (SSRF) issue exists in the AWS EC2 Metadata Endpoint component. This occurs within the `requests.get()` function located in the `api docs.py` file, allowing a remote attacker to manipulate requests sent by the server. **Recommendations** Install the available patch for version 0.86.3. As a temporary mitigation, restrict access to the `requests.get()` function within the `api docs.py` file.