EUVD-2021-9386

Malicious code in bioql PyPI...

EUVD-2021-9323

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-2443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific...

CVE-2025-5101 Improper Control of Generation of Code ('Code Injection') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of...

Linux Distros Unpatched Vulnerability : CVE-2021-22205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a fil...

Linux Distros Unpatched Vulnerability : CVE-2023-2200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all...

CVE-2025-4976

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...

CVE-2025-4976 Exposure of Sensitive Information Due to Incompatible Policies in GitLab

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...

PT-2025-30635 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 18.0.4 GitLab CE/EE versions 18.1 through 18.1.2 GitLab CE/EE versions 18.2 through 18.2.0 Description: An issue allows privileged users to access certain resource group information through the API that shou...

PT-2025-30613 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 18.0.4 GitLab CE/EE versions 18.1 through 18.1.2 GitLab CE/EE versions 18.2 through 18.2.0 Description: An issue exists in GitLab CE/EE that could allow an authenticated user to perform cross-site scripting...

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE using CDNs Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE Improper Access Control issue impacts GitLab EE...

PT-2025-30634 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 18.0.4 GitLab EE versions 18.1 through 18.1.2 GitLab EE versions 18.2 through 18.2.0 Description: An issue exists in GitLab EE that, under certain circumstances, could allow an attacker to access internal notes...

PT-2025-30636 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.9 through 18.0.4 GitLab CE/EE versions 18.1 through 18.1.2 GitLab CE/EE versions 18.2 through 18.2.0 Description: An issue exists in GitLab CE/EE that could allow an unauthorized user to access custom service desk ema...

PT-2025-30609 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.10 through 18.0.5 GitLab CE/EE versions 18.1 through 18.1.3 GitLab CE/EE versions 18.2 through 18.2.1 Description: An issue exists in GitLab CE/EE that, under specific circumstances, could allow a successful attacker ...

PT-2025-30637 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 18.0.4 GitLab CE/EE versions 18.1 through 18.1.2 GitLab CE/EE versions 18.2 through 18.2.0 Description: An issue exists that may allow an unauthorized user to read deployment job logs by sending a crafted...

CVE-2025-3396

An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests...

CVE-2025-4972

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...

CVE-2025-4972

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...

CVE-2025-3396

Removed by vendor...

CVE-2025-4972 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality...