27 matches found
GitLab 17.5 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-13978)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover the...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically for versions prior to 18.6.6, 18.7.4, and 18.8.4. The vulnerabilities include server-side request forgery, unauthorized access to internal network services, injection of malicious content, unauthorized actions via the GLQL API,...
Gitlab -- vulnerabilities
Gitlab reports: Cross-site scripting issue in k8s proxy impacts GitLab CE/EE; Incorrect Authorization issue in workflows impacts GitLab EE; Information Disclosure issue in GraphQL subscriptions impacts GitLab CE/EE; Information Disclosure issue in access control impacts GitLab CE/EE; Prompt Injection...
MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities
i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...
EUVD-2022-24840
Malicious code in bioql PyPI...
EUVD-2024-46280
Malicious code in bioql PyPI...
CVE-2023-33355
IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information...
CVE-2023-3709
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to...
BIT-GITLAB-2024-5005 Incorrect Provision of Specified Functionality in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, and all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...
CVE-2024-5005
An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, and all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...
CVE-2024-5005
GitLab CVE-2024-5005 affects GitLab EE/CE with version ranges: 11.4–17.2.8, 17.3–17.3.4, and 17.4–17.4.1. Guest users could disclose project templates via the API. The issue is fixed in GitLab in the following patched releases: 17.2.9, 17.3.5, and 17.4.2. If you are using any vulnerable ve...
CVE-2024-5005
Removed by vendor...
CVE-2024-5005 Incorrect Provision of Specified Functionality in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, and all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...
GitLab 13.2 < 14.8.6 / 14.9 < 14.9.4 / 14.10 < 14.10.1 (CVE-2022-1545)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an...
CVE-2023-31133 Ghost vulnerable to disclosure of private API fields
Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute...
CVE-2022-1545
It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note...
PT-2022-13946 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: Gitlab CE/EE versions 13.2 through 14.8.5; Gitlab CE/EE versions 14.9 through 14.9.3; Gitlab CE/EE versions 14.10 through 14.10.0. Description: The issue allows disclosure of details of confidential notes created via the API if an unauthorized...
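The GitLab entries in this listing state their affected versions as "from X before Y" or "X through Y" spans, and the three CVEs with explicit ranges (CVE-2024-5005, CVE-2022-1545 and CVE-2025-13978) overlap, so an old release can match more than one. The following Python is an added example, not code from any of the listed advisories or scanners: it encodes those stated ranges as half-open intervals and checks a version string against them with numeric (not string) comparison. The function and constant names, the sample version strings and the handling of a trailing "-ee"/"-ce" suffix are assumptions made for this example.

```python
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Affected ranges exactly as stated in the listing above, as half-open
# [introduced, fixed) intervals: "from 11.4 before 17.2.9" means 11.4 <= v < 17.2.9.
# Constant name and structure are this example's own, not a scanner's data format.
GITLAB_ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "CVE-2024-5005": [("11.4", "17.2.9"), ("17.3", "17.3.5"), ("17.4", "17.4.2")],
    "CVE-2022-1545": [("13.2", "14.8.6"), ("14.9", "14.9.4"), ("14.10", "14.10.1")],
    "CVE-2025-13978": [("17.5", "18.4.6"), ("18.5", "18.5.4"), ("18.6", "18.6.2")],
}


def parse_version(text: str) -> Version:
    """Turn '14.10.0-ee' into (14, 10, 0).

    Components are compared as integers: as strings, '14.10.0' sorts *below*
    '14.9.3', which is the classic mistake in hand-rolled version checks.
    Dropping the '-ee'/'-ce' edition suffix is an assumption for this example.
    """
    core = text.strip().split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def in_range(version: Version, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed.

    Tuple comparison treats a shorter prefix as smaller, so (17, 3) sorts
    below (17, 3, 5) and a bare '17.3' is correctly inside [17.3, 17.3.5).
    """
    return parse_version(introduced) <= version < parse_version(fixed)


def is_affected(version_text: str, ranges: List[Tuple[str, str]]) -> bool:
    version = parse_version(version_text)
    return any(in_range(version, lo, hi) for lo, hi in ranges)


def matching_cves(version_text: str) -> List[str]:
    """All advisories from the table whose stated ranges contain this version."""
    return [cve for cve, ranges in GITLAB_ADVISORIES.items()
            if is_affected(version_text, ranges)]


if __name__ == "__main__":
    # Constructed sample inputs, chosen to sit on the boundaries of the stated ranges.
    for sample in ("17.2.8", "17.2.9", "17.4.1-ee", "14.10.0", "18.0.0"):
        print(f"{sample:12} -> {matching_cves(sample)}")
```

Note that the boundary behaviour follows the advisory wording: a version equal to the "fixed" release (17.2.9) is not affected, while the last pre-fix release (17.2.8, or 17.4.1 including an edition suffix) is. Because CVE-2024-5005 reaches back to 11.4, a 14.10.0 instance matches it together with CVE-2022-1545.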
FreeBSD : Gitlab -- Multiple Vulnerabilities (33557582-3958-11ec-90ba-001b217b3468)
Gitlab reports: Stored XSS via ipynb files; Pipeline schedules on imported projects can be set to automatically active after import; Potential Denial of service via Workhorse; Improper Access Control allows Merge Request creator to bypass locked status; Projects API discloses ID and name of private...
CVE-2021-42089
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information...