84 matches found
EUVD-2025-1977
Malicious code in bioql PyPI...
EUVD-2021-9384
Malicious code in bioql PyPI...
EUVD-2022-25260
Malicious code in bioql PyPI...
EUVD-2023-44558
Malicious code in bioql PyPI...
EUVD-2022-24722
Malicious code in bioql PyPI...
EUVD-2025-22466
Malicious code in bioql PyPI...
EUVD-2022-34554
Malicious code in bioql PyPI...
EUVD-2021-9373
Malicious code in bioql PyPI...
EUVD-2022-24730
Malicious code in bioql PyPI...
CVE-2025-4976
CVE-2025-4976 affects GitLab EE. Affected: all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1. Under certain circumstances, an attacker could access internal notes in GitLab Duo responses. Root cause details are not fully disclosed in the provided documents, but reme...
CVE-2025-3396
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
CVE-2025-5315
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...
CVE-2025-1754 Missing Authentication for Critical Function in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource...
CVE-2025-4278
An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover...
CVE-2024-2743
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...
CVE-2023-3909
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...
CVE-2022-1821
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group...
CVE-2021-39891
In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive info disclosure...
CVE-2021-39937
A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances...
CVE-2020-13282
For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...