Command Injection
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Command Injection via the update-clawtributors.ts script. An attacker can execute arbitrary system commands by introducing a malicious commit author email that is processed and interpolat...
PT-2026-20369
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.1.8 through 2026.2.13. Description: The software contains a command injection issue in the scripts/update-clawtributors.ts script. This affects contributors or maintainers, and CI systems, who execute bun...
CVE-2021-22218
All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof the author of signed commits...
Soft Serve does not sanitize ANSI escape sequences in user input
Impact: In several places where the user can insert data (e.g. names), ANSI escape sequences are not removed, which can then be used, for example, to show fake alerts. By the same token, git messages, when printed, are also not sanitized. Places in which this was found: 1. Repository...
GHSA-FV2R-R8MP-PG48 Soft Serve does not sanitize ANSI escape sequences in user input
Impact: In several places where the user can insert data (e.g. names), ANSI escape sequences are not removed, which can then be used, for example, to show fake alerts. By the same token, git messages, when printed, are also not sanitized. Places in which this was found: 1. Repository...
EUVD-2021-9391
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-22245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...
CVE-2021-22245
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...
GitLab < 13.12.9 (CVE-2021-22245)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view (CVE-2021-22245). Note that Nessus has not tested for...
UBUNTU-CVE-2021-22245
Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...
PT-2021-6754 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to the fixed version Description: The issue is related to improper validation of commit author in GitLab, allowing an attacker to make several pages in a project impossible to view. This can be exploited by a remot...
FreeBSD : Gitlab -- Multiple Vulnerabilities (5f52d646-c31f-11eb-8dcf-001b217b3468)
Gitlab reports: Stealing GitLab OAuth access tokens using XSLeaks in Safari; Denial of service through recursive triggered pipelines; Unauthenticated CI lint API may lead to information disclosure and SSRF; Server-side DoS through rendering crafted Markdown documents; Issue and merge request length...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Stealing GitLab OAuth access tokens using XSLeaks in Safari; Denial of service through recursive triggered pipelines; Unauthenticated CI lint API may lead to information disclosure and SSRF; Server-side DoS through rendering crafted Markdown documents; Issue and merge request length...
Cross site scripting
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the name of a commit author...
CVE-2017-18090
Various resources in Atlassian Fisheye before version 4.5.1 (the fixed version for 4.5.x) and before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the name of a commit author...