CVE-2021-22166
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method...
CVE-2021-22225
Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown...
BIT-GITLAB-2025-11247 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries...
EUVD-2020-5535
Malware in sbrugna...
EUVD-2017-1263
Malware in sbrugna...
EUVD-2018-11264
Malware in sbrugna...
EUVD-2019-4043
Malware in sbrugna...
EUVD-2019-8886
Malware in sbrugna...
EUVD-2020-2542
Malware in sbrugna...
EUVD-2020-2550
Malware in sbrugna...
EUVD-2018-11531
Malware in sbrugna...
EUVD-2025-22481
Malicious code in bioql PyPI...
EUVD-2021-9367
Malicious code in bioql PyPI...
EUVD-2023-54377
Malicious code in bioql PyPI...
EUVD-2021-9364
Malicious code in bioql PyPI...
EUVD-2021-9371
Malicious code in bioql PyPI...
EUVD-2022-42858
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-22177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via...
Linux Distros Unpatched Vulnerability : CVE-2020-13300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow...
Linux Distros Unpatched Vulnerability : CVE-2021-39890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. CVE-2021-39890 Note that Nessu...