160 matches found
CVE-2026-20897
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...
CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2026-20897 Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR)
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories...
CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
PT-2026-4290
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description The stopwatch API in Gitea does not re-validate repository access permissions. This means that if a user’s access to a private repository is revoked, they may still be able to view issue titles...
PT-2026-3865
Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.1 through 0.13.x Description vLLM is an inference and serving engine for large language models LLMs. The software loads Hugging Face auto map dynamic modules during model resolution without verifying trust remote code. This...
PT-2026-2184
Name of the Vulnerable Software and Affected Versions Soft Serve versions prior to 0.11.2 Description Soft Serve is a self-hostable Git server for the command line. An authorization bypass exists in the LFS lock deletion endpoint. Any authenticated user with repository write access can delete loc...
CLSA-2025-1767003835 git-lfs: Fix of CVE-2025-26625
CVE-2025-26625: prevent git lfs checkout and git lfs pull write outside repo...
CVE-2025-68279 Weblate has an arbitrary file read via symbolic links
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue...
CVE-2025-6171
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...
EUVD-2025-197692
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...
CVE-2025-6171
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...
CVE-2025-6171 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...
CVE-2025-6171
GitLab CVE-2025-6171 is a disclosed vulnerability in GitLab CE/EE that allowed an authenticated user with reporter access to view branch names and pipeline details via the Packages API endpoint even when repository access was disabled. Affected versions run from 13.2 up to before 18.3.6, 18.4 up ...
CVE-2025-6171 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...
CVE-2025-6171 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...
EUVD-2017-3058
Malware in sbrugna...
EUVD-2015-5855
Malware in sbrugna...
EUVD-2007-5915
Malware in sbrugna...
EUVD-2022-7463
Malicious code in bioql PyPI...