54 matches found
CVE-2026-27968
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968 Packistry accepts expired access tokens
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968 Packistry accepts expired access tokens
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
EUVD-2026-8820
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968
CVE-2026-27968 affects Packistry, a self-hosted Composer repository. Before version 0.13.0, RepositoryAwareController::authorize() did not enforce token expiration, allowing an expired deploy token with the correct ability to access repository endpoints (e.g., Composer metadata/download APIs). Th...
PT-2026-22108
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
EUVD-2020-5556
Malware in sbrugna...
EUVD-2020-5582
Malware in sbrugna...
EUVD-2022-43096
Malicious code in bioql PyPI...
EUVD-2024-46683
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-5470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with...
Linux Distros Unpatched Vulnerability : CVE-2022-3820
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct...
Linux Distros Unpatched Vulnerability : CVE-2020-13296
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting versions =10.7 =13.1.0 =13.2.0 =10.7 =13.1.0 =13.2.0 13.2.6. Improper Access Control for Deploy Tokens...
Linux Distros Unpatched Vulnerability : CVE-2020-13322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy...
CVE-2024-5470
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with adminpushrules permission may have been able to create project-level deploy tokens...
CVE-2022-3740
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...
CVE-2020-13296
An issue has been discovered in GitLab affecting versions =10.7 =13.1.0 =13.2.0 13.2.6. Improper Access Control for Deploy Tokens...
CVE-2024-5470
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with adminpushrules permission may have been able to create project-level deploy tokens...
UBUNTU-CVE-2024-5470
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with adminpushrules permission may have been able to create project-level deploy tokens...