CVE-2025-34159

CVE-2025-34159 affects Coolify

CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...

CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...

CVE-2025-34159

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...

CVE-2025-34161

Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creatio...

PT-2025-34901

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.7 Description: Coolify is vulnerable to a remote code execution issue in the project deployment workflow. Authenticated users with low-level member privileges can inject arbitrary shell commands via t...

Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

Synchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

Coolify 安全漏洞

Coolify is an open source and self-hosted Heroku/Netlify/Vercel replacement from coolLabs Open Source. A security vulnerability exists in versions prior to Coolify v4.0.0-beta.420.6, which stems from the presence of stored cross-site scripting in the project creation workflow that could lead to...

PT-2025-34900

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.6 Description: Coolify is susceptible to a remote code execution issue within the application deployment workflow. Authenticated users with low-level member privileges can inject arbitrary Docker...

Linux Distros Unpatched Vulnerability : CVE-2020-26411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x =13.4 to =13.5 to =13.6 to =13.4 to =13.5 to =13.6 to 13.6.2. Using ...

Linux Distros Unpatched Vulnerability : CVE-2020-13305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user fr...

Linux Distros Unpatched Vulnerability : CVE-2023-29935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.countop && operation was already replaced. CVE-2023-29935 Note that...

Linux Distros Unpatched Vulnerability : CVE-2024-12244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitL...

Linux Distros Unpatched Vulnerability : CVE-2021-39903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a...

Linux Distros Unpatched Vulnerability : CVE-2024-8974

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions i...

Linux Distros Unpatched Vulnerability : CVE-2023-0319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions...

Linux Distros Unpatched Vulnerability : CVE-2021-22263

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions...

Linux Distros Unpatched Vulnerability : CVE-2021-22245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

Linux Distros Unpatched Vulnerability : CVE-2023-3511

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions...