CVE-2026-12053

GitLab EE prior to 19.1.1 (i.e., 19.1.0) was affected by an information-disclosure issue caused by insufficient output filtering in Duo Workflows, potentially allowing a user to access sensitive data already committed to a project. The issue has been remediated by patching to 19.1.1. Impact: high...

EUVD-2025-8416

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-4976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain...

CVE-2025-4976

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...

UBUNTU-CVE-2025-4976

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...

GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts

Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence AI assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites...

CVE-2025-2867

An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...

CVE-2025-2867

An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...

CVE-2025-2867

CVE-2025-2867 affects GitLab Duo with Amazon Q. Affected are GitLab releases: 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. The issue could allow a crafted input to manipulate AI-assisted development features, potentially exposing sensitive project data to unauthorized users. ...

CVE-2025-2867 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized...

PT-2025-13198 · Gitlab · Gitlab Duo

Name of the Vulnerable Software and Affected Versions: GitLab Duo with Amazon Q versions 17.8 through 17.8.5 GitLab Duo with Amazon Q versions 17.9 through 17.9.2 GitLab Duo with Amazon Q versions 17.10 through 17.10.0 Description: An issue has been discovered in the GitLab Duo with Amazon Q that...

The vulnerability of the Single Sign-On (SSO) authentication mechanism of the GitLab Duo Chat web interface, a software platform based on git for collaborative code development on GitLab, allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Single Sign-On SSO authentication mechanism in the GitLab Duo Chat web interface of the git-based software platform for collaborative code development in GitLab is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker,...