GHSA-XMPW-2VMM-P4P6 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...

Security Bulletin: NVIDIA NeMo Framework - December 2025

NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, clone or update this software to version 2.5.3 or later from NVIDIA/NeMo Framework on NVIDIA GitHub and pypi. Go to NVIDIA Product Security...

CVE-2025-58763

Tautulli (Python-based Plex monitoring) has a command-injection vulnerability affecting v2.15.3 and earlier. The flaw arises when cloning from GitHub and installing manually, where the update/version logic calls runGit via subprocess.Popen with shell=True. The checkout_git_branch path stores un s...

Security Bulletin: NVIDIA NeMo Framework - August 2025

NVIDIA has released a software update for NVIDIA® NeMo Framework. To protect your system, download and install the latest NVIDIA Nemo Framework from NVIDIA GitHub. Go to NVIDIA Product Security...

CVE-2022-2992

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

BIT-GITLAB-2022-2884

A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3 to 15.3.1 allows an an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

BIT-GITLAB-2022-2992

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

UBUNTU-CVE-2022-2992

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

CVE-2022-2992

CVE-2022-2992 is a GitLab GitHub Import API deserialization flaw that enables authenticated users to trigger remote code execution. Affected products are GitLab CE/EE with versions 11.10–11.10.x? (per the wording) and all releases prior to 15.1.6, 15.2 up to 15.2.4, and 15.3 up to 15.3.2. The roo...

CVE-2022-2992

A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint...

Vulnerabilities fixed in GitLab CE and EE

Vulnerabilities have been fixed in GitLab Community Edition and Enterprise Edition. The vulnerabilities allow a malicious person to able to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Bypassing...

GitLab 11.3.4 < 15.1.5, 15.2.x < 15.2.3, 15.3.x < 15.3.1 RCE Vulnerability

GitLab is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; ...

Vulnerabilities fixed in GitLab Enterprise Edition and GitLab Community Edition

GitLab has fixed a vulnerability in GitLab Enterprise Edition and GitLab Community Edition. An authenticated malicious party could exploit the vulnerability to execute arbitrary code via the 'Import from GitHub' API Endpoint to execute arbitrary code with permissions from the application and...

PT-2021-15549 · Ajaxpro · Ajaxpro

Name of the Vulnerable Software and Affected Versions: ajaxpro.2 versions prior to 21.11.29.1 Description: The issue is related to Deserialization of Untrusted Data, which can be abused to gain remote code execution. This occurs due to the possibility of deserialization of arbitrary .NET classes...

Sigurlfind3R - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine

sigurlfind3r is a passive reconnaissance tool, it fetches known URLs from AlienVault's OTX , Common Crawl , URLScan , Github and the Wayback Machine. DiSCLAIMER: fetching urls from github is a bit slow. Usage sigurlfind3r -h This will display help for the tool. | |/ | | / / | |/ | | | | '| | || |...