CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerability. ArtiPACKED can lead to leakage of the GITHUBTOKEN through workflow artifacts, even though the token is not present in the repository source code. This vulnerability is fixed in 2.0.0-beta.6...

Nexus Repository Anonymous Access

Nexus Repository Manager is a popular repository management tool used to store and manage software artifacts. If anonymous access is enabled, unauthenticated users can list and browse repositories, potentially exposing private artifacts such as source code, packages, and Docker images. No source...

CVE-2025-24029

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users possibly anonymous ones if the widget is used in the dashboard of a public project might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition...

UBUNTU-CVE-2024-7057

An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where job artifacts can be inappropriately exposed to users lacking the proper authorization level...

CVE-2021-20478

IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497...