EUVD-2025-197690
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
CVE-2025-2615
GitLab CE/EE is affected by CVE-2025-2615. The issue allows a blocked user to access sensitive information by establishing GraphQL subscriptions over WebSocket connections in affected releases: GitLab 16.7 up to but not including 18.3.6; 18.4 up to 18.4.3; and 18.5 up to 18.5.1. Remediation patch...
CVE-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...
PT-2025-47050
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 18.3.6; GitLab CE/EE versions 18.4 through 18.4.4; GitLab CE/EE versions 18.5 through 18.5.2. Description: A flaw exists in GitLab CE/EE that could allow a blocked user to access sensitive information. This is...
EUVD-2025-175836
Malicious code in umbra-jekyll-foundation-graphql npm...
EUVD-2025-178678
Malicious code in graphql-elektra-triton-transform npm...
EUVD-2025-179103
Malicious code in epigenetics-graphql-tailwindcss-abiogenesis npm...
Malicious code in sqlite-oauth-quito-graphql (npm)
Source: amazon-inspector 07ca71d4114f8ae4468c127def1828c69d2b57565bf13761cb5938f72ffc59da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in umbra-iota-graphql-callback (npm)
Source: amazon-inspector 0216011a857c745443a164b8b961b2825a42498fd66c95b1ea56899885b894bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dysonswarm-apex-graphql-module (npm)
Source: amazon-inspector 00edc1420ef60c8781c29b4cfa9b3d8d0e4928fb48176c0fabe627e881d70830 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179224
Malicious code in dysonswarm-apex-graphql-module npm...
EUVD-2025-175837
Malicious code in umbra-iota-graphql-callback npm...
EUVD-2025-177165
Malicious code in pino-pretty-yildun-express-graphql npm...
EUVD-2025-176240
Malicious code in sqlite-oauth-quito-graphql npm...
EUVD-2025-179480
Malicious code in cryptography-biohacking-xml-graphql npm...
MAL-2025-187206 Malicious code in graphql-nightmare-css-loader-abiogenesis (npm)
Source: amazon-inspector 827a1eab8ee4f7a8518854247fd592f6a76ba721ba6900d144ce9f687b27a255 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-175982
Malicious code in testcafe-canopus-graphql-markdownlint npm...
EUVD-2025-179343
Malicious code in dendrochronology-graphql-betelgeuse-acamar npm...
EUVD-2025-179959
Malicious code in buffer-package-bionics-graphql npm...