59 matches found
BIT-GITLAB-2025-9222 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown...
CVE-2025-9222
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown...
CVE-2025-9222 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown...
CVE-2025-9222
GitLab CE/EE is affected by CVE-2025-9222 (stored XSS via GitLab Flavored Markdown) in all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1. The issue is triggered by authenticated user input in Markdown that could be rendered on pages, enabling stored XSS. GitLab has rem...
CVE-2025-9222 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown...
CVE-2025-9222 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown...
PT-2026-1960
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.2.2 through 18.5.4; GitLab CE/EE versions 18.6.0 through 18.6.2; GitLab CE/EE versions 18.7.0 through 18.7.0. Description: An issue exists in GitLab CE/EE that allows an authenticated user to achieve stored cross-site...
EUVD-2020-26457
Malware in sbrugna...
EUVD-2021-26243
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-39887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2022-2761
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an...
Linux Distros Unpatched Vulnerability : CVE-2020-5238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table...
CVE-2021-39887
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...
[SECURITY] Fedora 39 Update: rust-comrak-0.18.0-4.fc39
A 100% CommonMark-compatible GitHub Flavored Markdown parser and formatter...
BIT-GITLAB-2021-39887
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the Flavored Markdown in the library, which allows an attacker to inject and execute malicious JavaScript...
Fedora: Security Advisory for rust-comrak (FEDORA-2023-035d5910b9)
The remote host is missing an update for the...
Fedora: Security Advisory for rust-comrak (FEDORA-2023-e9243281cb)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: rust-comrak-0.18.0-1.fc37
A 100% CommonMark-compatible GitHub Flavored Markdown parser and formatter...
[SECURITY] Fedora 38 Update: rust-comrak-0.18.0-1.fc38
A 100% CommonMark-compatible GitHub Flavored Markdown parser and formatter...