217 matches found
EUVD-2021-9391
Malicious code in bioql PyPI...
EUVD-2024-46495
Malicious code in bioql PyPI...
EUVD-2023-54243
Malicious code in bioql PyPI...
EUVD-2022-34545
Malicious code in bioql PyPI...
EUVD-2025-22481
Malicious code in bioql PyPI...
CVE-2025-4976
An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...
CVE-2025-1299
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...
CVE-2025-1299
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...
CVE-2025-0765
GitLab CE/EE CVE-2025-0765 is an Incorrect Authorization vulnerability affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1, potentially allowing an unauthorized user to access custom service desk email addresses. The root cause is an authorization issue that...
CVE-2025-6948
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content...
CVE-2025-3396 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...
CVE-2025-4972
Removed by vendor...
BIT-GITLAB-2025-1754 Missing Authentication for Critical Function in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource...
CVE-2023-5600
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-des...
CVE-2024-7586
GitLab EE vulnerability CVE-2024-7586 affects GitLab EE versions: 17.0 up to but not including 17.0.6, 17.1 up to but not including 17.1.4, and 17.2 up to but not including 17.2.2. The issue is that webhook deletion audit logs can preserve auth credentials. A fix exists in the subsequent release ...
BIT-GITLAB-2025-1516 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service...
BIT-GITLAB-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync...
CVE-2025-5982
An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...
CVE-2025-5982 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...
CVE-2025-1516
Removed by vendor...