5 matches found

GitHub Security Blog
added 2026/03/02 5:32 p.m., 4 views

Bytebase vulnerable to Improper Authentication

Impact - GitLab login allows login by any user. - JWT auth token can be derived as long as the server isn't rebooted. - Developers can assign issues to non-admin/DBA users...

AI score: 5.9
Exploits: 0, References: 3, Affected software: 1

Snyk
added 2026/03/02 5:32 p.m., 1 view

Use of Client-Side Authentication

Overview Affected versions of this package are vulnerable to Use of Client-Side Authentication in the VCS oauth. An attacker can gain unauthorized access by exploiting weaknesses in the GitLab login mechanism or by deriving a JWT authentication token without requiring a server reboot. Remediation...

CVSS: 8.7, AI score: 5.8
Exploits: 0, References: 2

OSV
added 2026/03/02 5:32 p.m., 2 views

GHSA-5R3P-6RJ5-7937 Bytebase vulnerable to Improper Authentication

Impact - GitLab login allows login by any user. - JWT auth token can be derived as long as the server isn't rebooted. - Developers can assign issues to non-admin/DBA users...

CVSS: 8.7, AI score: 5.9
Exploits: 0, References: 3

Snyk
added 2026/03/02 5:32 p.m., 3 views

Use of Client-Side Authentication

Overview Affected versions of this package are vulnerable to Use of Client-Side Authentication in the VCS oauth. An attacker can gain unauthorized access by exploiting weaknesses in the GitLab login mechanism or by deriving a JWT authentication token without requiring a server reboot. Remediation...

CVSS: 8.7, AI score: 5.8
Exploits: 0, References: 2

RedhatCVE
added 2025/12/06 10:52 p.m., 7 views

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the respon...

CVSS: 4.3, AI score: 6.8, EPSS: 0.00015
Exploits: 0, References: 1