942 matches found
osbuild-composer security update
An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A service for building customized OS artifacts, such as VM images an...
RLSA-2024:9456 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
io.peekandpoke.funktor:all-jvm (>=0.86.0 <=0.107.2), io.peekandpoke.funktor:insights-jvm (>=0.86.0 <=0.107.2) +3 more potentially affected by CVE-2024-53382 via org.webjars.npm:prismjs (>=1.23.0 <=1.29.0)
org.webjars.npm:prismjs MAVEN version =1.23.0, =0.86.0, =0.86.0, =0.86.0, =15.4.3, =3.3.1, =3.6.0 Source cves: CVE-2024-53382 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9055449...
CVE-2024-49589
Foundry Artifacts was found to be vulnerable to a Denial of Service attack due to the disk potentially being filled up based on a user-supplied argument (size)...
CVE-2024-49589 Foundry artifacts denial of service
Foundry Artifacts was found to be vulnerable to a Denial of Service attack due to the disk potentially being filled up based on a user-supplied argument (size)...
PT-2025-6701 · Unknown · Foundry Artifacts
Name of the Vulnerable Software and Affected Versions: Foundry Artifacts, affected versions not specified. Description: The issue allows for a Denial of Service attack due to the disk potentially being filled up based on a user-supplied argument, specifically the size argument. This could lead to a...
CVE-2025-25204 `gh attestation verify` returns incorrect exit code during verification if no attestations are present
gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...
CVE-2025-25204
The CVE-2025-25204 issue affects GitHub CLI (gh) where, in versions 2.49.0 through 2.66.x, a bug in the Artifact Attestation tool gh attestation verify causes a zero exit status when no attestations are present. This incorrect exit code can enable attackers to deploy malicious artifacts in enviro...
GitHub CLI security vulnerability
GitHub CLI (gh) is GitHub's open source command line tool. A security vulnerability exists in GitHub CLI versions from 2.49.0 prior to 2.67.0, which stems from the gh attestation verify tool returning an incorrect exit status, which could allow an attacker to deploy malicious artifacts...
CVE-2025-24029
Tuleap is an Open Source Suite to improve management of software development and collaboration. Users (possibly anonymous ones, if the widget is used in the dashboard of a public project) might get access to artifacts they should not see. This issue has been addressed in Tuleap Community Edition...
Enalean Tuleap security vulnerability
Enalean Tuleap is a free and open source tool from the French company Enalean. It is used for end-to-end traceability of application and system development. A security vulnerability exists in Enalean Tuleap that stems from the fact that users would have access to their restricted artifacts...
CVE-2025-23215 PMD Designer's release key passphrase (GPG) available on Maven Central in cleartext
PMD is an extensible multilanguage static code analyzer. The passphrase for the PMD and PMD Designer release signing keys is included in a jar published to Maven Central. The private key itself is not known to have been compromised, but given that its passphrase is, it must also be considered...
BIT-GITLAB-2025-0290 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...
UBUNTU-CVE-2025-0290
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...
CVE-2025-0290
CVE-2025-0290 affects GitLab CE/EE since 15.0 up to but not including 17.5.5, from 17.6 up to 17.6.3, and from 17.7 up to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive. The connected sources indicate fixed versions: upgrad...
CVE-2025-0290 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...
GitLab 15.0 < 17.6.4 / 17.7 < 17.7.2 / 17.8 < 17.8.0 (CVE-2025-0290)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing o...