GitLab Enterprise Edition - Server-Side Request Forgery
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue. id: CVE-2019-6793 info: name: GitLab Enterprise Edition - Server-Side Request Forgery author:...
GitLab CE/EE - Remote Code Execution
GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modi...
GitLab CE/EE - Information Disclosure
GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...
GitLab CE/EE 10.5 - Server-Side Request Forgery
GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar...
GitLab CE/EE 13.4 - 13.6.2 - Information Disclosure
GitLab CE and EE 13.4 through 13.6.2 are susceptible to information disclosure via GraphQL: user email addresses are visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2020-26413 info:...
SonarQube - Authentication Bypass
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. id: CVE-2020-27986 info: name: SonarQube - Authentication Bypass author: pikpikcu severity: high description: | SonarQube 8.4.2.36762 allows remote attackers to...
GitLab CI Lint API - Server-Side Request Forgery
GitLab 10.5 and later contain a server-side request forgery caused by insecure handling of webhook requests, letting unauthenticated attackers use the server to issue arbitrary requests; exploitation requires sending crafted webhook requests. id: CVE-2021-22175 info: name: GitLab CI Lint API -...
GHSA-95JQ-XPH2-CX9H vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips...
CVE-2025-8101 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: kots, opentelemetry-collector, gitea, nemo, flux-image-automation-controller, spire-server, helm, knative-serving-fips, kubescape-server-fips, cloudbeat, cilium, skaffold, kubescape, cilium-cli, k9s-fips, argocd-image-updater-fips, kubernetes, coder,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: kots, opentelemetry-collector, gitea, nemo, flux-image-automation-controller, spire-server, helm, knative-serving-fips, kubescape-server-fips, cloudbeat, cilium, skaffold, kubescape, cilium-cli, k9s-fips, argocd-image-updater-fips, kubernetes, coder,...
GHSA-QPW4-5X99-6VJP vulnerabilities
Vulnerabilities for packages: kots, opentelemetry-collector, gitea, terragrunt-fips, nemo, flux-image-automation-controller, spire-server, gatus, helm, knative-serving-fips, terragrunt, trufflehog-fips, redpanda-console, gptscript, cloudbeat, cilium, kubescape-server-fips, mapotf, wal-g, skaffold...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-storage, ksops, terragrunt-fips, flux-image-automation-controller, crossplane-provider-aws-ecs, helm, crossplane-provider-aws-bedrockagent-fips, knative-serving-fips, terragrunt, crossplane-provider-aws-kinesis-fips,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: kots, opentelemetry-collector, nemo, spire-server, helm, knative-serving-fips, cilium, cilium-cli, kubernetes, prometheus-operator, kyverno-fips, prometheus-mongodb-exporter, buildah, frankenphp-8.5, opentofu-fips, k3s, zot, frankenphp-8.3, docker-cli-buildx,...
GHSA-9M57-25V3-79X9 vulnerabilities
Vulnerabilities for packages: kots, opentelemetry-collector, nemo, spire-server, helm, knative-serving-fips, cilium, terraform-fips, cilium-cli, kubernetes, prometheus-operator, kyverno-fips, prometheus-mongodb-exporter, buildah, frankenphp-8.5, opentofu-fips, k3s, zot, frankenphp-8.3,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-storage, ksops, terragrunt-fips, flux-image-automation-controller, crossplane-provider-aws-ecs, helm, crossplane-provider-aws-bedrockagent-fips, knative-serving-fips, terragrunt, crossplane-provider-aws-kinesis-fips,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: cloud-provider-aws, flux, cert-manager, kots, mattermost, spire-server, chisel, k3s, kaf, minio, zot, fscrypt, kyverno, prometheus, snyk-cli, aactl, loki, kubernetes-dashboard, kubernetes, skaffold, zarf, external-dns, helm, telegraf, prometheus-operator, cilium-cli,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: teleport, nuclei, dagger, kaf, prometheus, neuvector-sigstore-interface, wolfictl, go-discover, crossplane-provider-azure-managedidentity, zarf, kargo, prometheus-operator, step-kms-plugin, telegraf, terragrunt, pulumi-language-java, crossplane-provider-family-azure,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: teleport, podman, cloud-provider-aws, flux, cert-manager, kots, mattermost, spire-server, k3s, kaf, minio, zot, fscrypt, kyverno, prometheus, snyk-cli, aactl, loki, kubernetes-dashboard, docker-cli-buildx, kubernetes, external-dns, helm, telegraf, prometheus-operator...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: teleport, nuclei, dagger, kaf, prometheus, wolfictl, go-discover, zarf, telegraf, prometheus-operator, step-kms-plugin, terragrunt, pulumi-language-java, scorecard, gitlab-kas, rancher, external-secrets-operator, istio, pulumi, pulumi-language-dotnet, cert-manager,...