3125 matches found
EUVD-2025-197690
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
CVE-2025-2615
GitLab CE/EE is affected by CVE-2025-2615. The issue allows a blocked user to access sensitive information by establishing GraphQL subscriptions over WebSocket connections in affected releases: GitLab 16.7 up to but not including 18.3.6; 18.4 up to 18.4.3; and 18.5 up to 18.5.1. Remediation patch...
CVE-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
PT-2025-47050
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 18.3.6; GitLab CE/EE versions 18.4 through 18.4.4; GitLab CE/EE versions 18.5 through 18.5.2. Description: A flaw exists in GitLab CE/EE that could allow a blocked user to access sensitive information. This is...
Malicious code in miranda-markdown-pdf-rate-limiter-graphql (npm)
Source: amazon-inspector 3e691ac26ae0b92394354fcda674316914c8f0464d09a7681898100fb4da7308. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in graphql-elektra-triton-transform (npm)
Source: amazon-inspector f32d98eba6cf6a31eff8d8c5f67b0544f7ea9333a54ebdc237767280fcbcf553. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179480
Malicious code in cryptography-biohacking-xml-graphql npm...
Malicious code in dysonswarm-apex-graphql-module (npm)
Source: amazon-inspector 00edc1420ef60c8781c29b4cfa9b3d8d0e4928fb48176c0fabe627e881d70830. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-176240
Malicious code in sqlite-oauth-quito-graphql npm...
EUVD-2025-176168
Malicious code in style-loader-node-sass-graphql-nashira npm...
EUVD-2025-177165
Malicious code in pino-pretty-yildun-express-graphql npm...
EUVD-2025-178678
Malicious code in graphql-elektra-triton-transform npm...
EUVD-2025-178675
Malicious code in graphql-npm-soap-fermiparadox npm...
EUVD-2025-178677
Malicious code in graphql-karma-cluster-mongodb npm...
EUVD-2025-179343
Malicious code in dendrochronology-graphql-betelgeuse-acamar npm...
EUVD-2025-179224
Malicious code in dysonswarm-apex-graphql-module npm...
EUVD-2025-179103
Malicious code in epigenetics-graphql-tailwindcss-abiogenesis npm...
EUVD-2025-178932
Malicious code in fermion-graphql-dorado-lynx npm...
EUVD-2025-179959
Malicious code in buffer-package-bionics-graphql npm...