21285 matches found
CVE-2026-42195
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...
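The draw.io entry above describes a client that takes a ?gitlab= query parameter as the GitLab server for OAuth sign-in, so the "Authorize in GitLab" click can be pointed at a host the link author chose. The JavaScript below is an added illustration, not draw.io's code: it contrasts an unchecked resolver with one that accepts only an allowlisted https origin and then builds the authorize URL from that origin. The default URL, the allowlist, the client_id/redirect_uri placeholders and all function names are assumptions made for this example.

```javascript
// Added example (not draw.io's code): resolving a GitLab base URL that
// arrives in a ?gitlab= query parameter before it is used as the OAuth
// authorize endpoint. Default and allowlist below are assumptions.

const DEFAULT_GITLAB = "https://gitlab.com";

// Origins the client may start an OAuth flow against (assumed values).
const ALLOWED_GITLAB_ORIGINS = new Set([
  "https://gitlab.com",
  "https://gitlab.example.com", // hypothetical self-hosted instance
]);

// Vulnerable pattern: whatever ?gitlab= says becomes the OAuth host, so a
// crafted link sends the "Authorize" click to an attacker-chosen server.
function resolveGitlabUrlUnchecked(pageUrl) {
  const params = new URL(pageUrl).searchParams;
  return params.get("gitlab") || DEFAULT_GITLAB;
}

// Hardened pattern: parse the value, require https, and accept only an
// exact allowlisted origin; anything else falls back to the default.
function resolveGitlabUrlChecked(pageUrl) {
  const raw = new URL(pageUrl).searchParams.get("gitlab");
  if (!raw) return DEFAULT_GITLAB;
  let candidate;
  try {
    candidate = new URL(raw);
  } catch {
    return DEFAULT_GITLAB; // not parseable as an absolute URL
  }
  if (candidate.protocol !== "https:") return DEFAULT_GITLAB;
  // Compare the parsed origin, not the raw string, so userinfo, paths and
  // fragments cannot smuggle in another host (https://gitlab.com@evil.example).
  return ALLOWED_GITLAB_ORIGINS.has(candidate.origin)
    ? candidate.origin
    : DEFAULT_GITLAB;
}

// Builds the URL the "Authorize in GitLab" dialog would open. The GitLab
// authorize path is the standard /oauth/authorize; the other values are
// placeholders supplied by the caller.
function buildAuthorizeUrl(gitlabBase, clientId, redirectUri, state) {
  const u = new URL("/oauth/authorize", gitlabBase);
  u.searchParams.set("client_id", clientId);
  u.searchParams.set("redirect_uri", redirectUri);
  u.searchParams.set("response_type", "code");
  u.searchParams.set("state", state);
  return u.toString();
}

// Constructed inputs: a benign page URL and a crafted link.
const BENIGN_LINK = "https://app.example/?gitlab=https://gitlab.example.com/";
const CRAFTED_LINK = "https://app.example/?gitlab=https://attacker.example";
```

With the unchecked resolver, CRAFTED_LINK yields an authorize URL on attacker.example; with the checked one it collapses to the default origin. Comparing `origin` after parsing is the important detail: string prefix checks on the raw parameter are bypassed by userinfo (`https://gitlab.com@attacker.example`) and by lookalike hosts (`https://gitlab.com.attacker.example`).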
PT-2026-40876
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.7 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description An issue in customizable analytics dashboards allows an authenticated user to execute arbitrary JavaScript in...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: xeol, teleport, grype, gitsign, crossplane, argo-events, pulumi, kubescape, cerbos, flux, argo-cd, apko, external-secrets-operator, pulumi-language-dotnet, trufflehog, pulumi-language-java, gitaly, scorecard, wolfictl, zot, trivy-operator, melange, gptscript,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: xeol, teleport, grype, gitsign, crossplane, argo-events, pulumi, kubescape, cerbos, flux, argo-cd, apko, external-secrets-operator, pulumi-language-dotnet, trufflehog, pulumi-language-java, gitaly, scorecard, wolfictl, zot, trivy-operator, melange, gptscript,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: flux, gitea, grype-fips, argo-events, nfpm, argocd-image-updater-fips, kaniko, skaffold-fips, trufflehog-fips, rancher-fleet-fips, cloudbeat-fips, crossplane, gitlab-rails-ce-fips, gitaly-fips, rancher-fleet, flux-source-controller, syft, dagger, packer,...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: flux, gitea, grype-fips, argo-events, nfpm, argocd-image-updater-fips, kaniko, skaffold-fips, trufflehog-fips, rancher-fleet-fips, cloudbeat-fips, crossplane, gitlab-rails-ce-fips, gitaly-fips, rancher-fleet, flux-source-controller, syft, dagger, packer,...
GHSA-526F-JXPJ-JMG2 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
CVE-2026-43870 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
CVE-2026-44837 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
CVE-2026-44836 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
GHSA-HG3H-G7XC-F7VP vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
GHSA-7F3R-GWC9-2995 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
CVE-2026-40295 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
GHSA-JP94-3292-C3XV vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
GHSA-8JR5-6GVJ-RFPF @yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildcard CORS, exposing all 86 GitLab tools
SSE Transport Has No Authentication and Wildcard CORS, Exposing All 86 GitLab Tools Including Destructive Operations A review of mcp-gitlab-server at commit 80a7b4cf3fba6b55389c0ef491a48190f7c8996a uncovered that the SSE HTTP transport — advertised in the README and comparison table as a...
PT-2026-39306
Name of the Vulnerable Software and Affected Versions GitLab MCP Server versions prior to 0.6.0 Description The HTTP transport in src/transport.ts lacks an authentication layer and implements a wildcard Access-Control-Allow-Origin: header on all responses. This allows any cross-origin browser...
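The two entries above (GHSA-8JR5-6GVJ-RFPF and PT-2026-39306) describe an HTTP/SSE transport that checks no credential and sets Access-Control-Allow-Origin: * on every response, so any cross-origin page in a browser can drive the exposed GitLab tools. The JavaScript below is an added illustration, not the project's src/transport.ts: a request gate that decides, before any tool is invoked, whether a request may proceed and which CORS headers to emit, shown in the weak form the advisories describe and in a hardened form. The token value, the allowed origin, and the function names are assumptions made for this example.

```javascript
// Added example (not the project's code): a pre-handler gate for an MCP
// HTTP/SSE transport. Header names are the standard ones; the token,
// the allowed origin and the function names are assumptions.

// Weak configuration, as the advisories describe it: every request is
// allowed and every response carries a wildcard CORS header.
function gateWeak(_headers) {
  return {
    allowed: true,
    status: 200,
    cors: { "Access-Control-Allow-Origin": "*" },
  };
}

// Hardened gate: an explicit bearer token plus an Origin allowlist.
// Returns { allowed, status, cors } for the transport to act on.
function gateHardened(headers, { token, allowedOrigins }) {
  // Normalise header names; HTTP header names are case-insensitive.
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v])
  );

  // Browser requests carry Origin and must match the allowlist exactly.
  // Non-browser clients send no Origin, skip CORS, but still need the token.
  let cors = {};
  const origin = h["origin"];
  if (origin !== undefined) {
    if (!allowedOrigins.includes(origin)) {
      return { allowed: false, status: 403, cors };
    }
    // Echo the single matched origin, never "*", and mark the response as
    // varying by Origin so caches do not serve it to another origin.
    cors = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  }

  const auth = h["authorization"] || "";
  const presented = auth.startsWith("Bearer ") ? auth.slice("Bearer ".length) : "";
  if (!constantTimeEqual(presented, token)) {
    return { allowed: false, status: 401, cors };
  }
  return { allowed: true, status: 200, cors };
}

// Constant-time comparison for equal-length strings; the length check
// itself short-circuits, which only reveals the token length.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

// Constructed configuration and requests for illustration.
const EXAMPLE_CONFIG = {
  token: "s3cret-example-token",
  allowedOrigins: ["https://ide.example"],
};
const CROSS_ORIGIN_REQUEST = { Origin: "https://attacker.example" };
const LOCAL_CLIENT_REQUEST = { Authorization: "Bearer s3cret-example-token" };
```

The weak gate admits CROSS_ORIGIN_REQUEST with a wildcard header; the hardened gate rejects it with 403 regardless of any token, rejects an allowlisted origin that presents no token with 401, and admits LOCAL_CLIENT_REQUEST without emitting any CORS header. For a transport bound to localhost, validating the Host header against the expected value is a further check worth adding, since DNS rebinding can otherwise make a browser reach the loopback listener without tripping the Origin test.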
CVE-2026-42195 Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host
draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAuth sign-in. A crafted link causes the user's click on draw.io's "Authorize in GitLab" dialog to ope...