3121 matches found
Malicious code in local-release-it-exec-graphql (npm)
The package local-release-it-exec-graphql was found to contain malicious code...
Malicious code in magellan-ignite-graphql-innercore (npm)
The package magellan-ignite-graphql-innercore was found to contain malicious code...
Malicious code in polaris-node-config-graphql-xml (npm)
The package polaris-node-config-graphql-xml was found to contain malicious code...
Malicious code in registry-library-registry-graphql (npm)
The package registry-library-registry-graphql was found to contain malicious code...
Malicious code in scripts-mysql-package-graphql (npm)
The package scripts-mysql-package-graphql was found to contain malicious code...
Malicious code in subscription-draco-writable-graphql (npm)
The package subscription-draco-writable-graphql was found to contain malicious code...
MAL-2025-45057 Malicious code in local-release-it-exec-graphql (npm)
The package local-release-it-exec-graphql was found to contain malicious code...
MAL-2025-45784 Malicious code in registry-library-registry-graphql (npm)
The package registry-library-registry-graphql was found to contain malicious code...
MAL-2025-46159 Malicious code in subscription-draco-writable-graphql (npm)
The package subscription-draco-writable-graphql was found to contain malicious code...
MAL-2025-45575 Malicious code in polaris-node-config-graphql-xml (npm)
The package polaris-node-config-graphql-xml was found to contain malicious code...
CVE-2025-55739 api: Shared OAuth Signing Key Between Different Instances
api is a module for FreePBX, which is an open source GUI that controls and manages Asterisk PBX. In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that installed the same FreePBX RPM or DEB package. An...
Linux Distros Unpatched Vulnerability : CVE-2022-37315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-go aka GraphQL for Go through 0.8.0 has infinite recursion in the type definition parser. CVE-2022-37315 Note that Nessus relies on the presence of the...
PT-2025-37109
Name of the Vulnerable Software and Affected Versions: Foreman (affected versions not specified). Description: An authorization issue exists in Foreman’s GraphQL API. Low-privileged users can access metadata that they should not be able to view. The GraphQL endpoint does not enforce access controls...
CVE-2025-2246
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...
CVE-2025-4225
An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially...
BIT-GITLAB-2025-4225 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially...
BIT-GITLAB-2025-2246 Missing Authorization in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...
Linux Distros Unpatched Vulnerability : CVE-2021-39904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3...
Linux Distros Unpatched Vulnerability : CVE-2020-13317
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a...
Linux Distros Unpatched Vulnerability : CVE-2025-1110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could...