21723 matches found
PT-2026-56587
Name of the Vulnerable Software and Affected Versions GitLab EE versions 9.5 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description Improper authorization controls could allow an authenticated user with maintainer-role permissions to obtain the...
PT-2026-56589
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.7 through 18.11.6 GitLab CE/EE versions 19.0 through 19.0.3 GitLab CE/EE versions 19.1 through 19.1.1 Description An issue exists where improper sanitization of user-supplied input could allow an authenticated user to...
PT-2026-56614
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.2 through 18.11.6 GitLab EE versions 19.0 through 19.0.3 GitLab EE versions 19.1 through 19.1.1 Description An improper authorization issue exists in certain GraphQL operations that could allow an authenticated user with...
GHSA-Q675-QJ96-32M9 vulnerabilities
Vulnerabilities for packages: seaweedfs-operator, gitlab-workhorse-ce, seaweedfs, seaweedfs-fips, seaweedfs-rocksdb, seaweedfs-operator-fips, seaweedfs-rocksdb-fips...
GHSA-H7CP-R72F-JXH6 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...
CVE-2025-6545 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...
GHSA-V62P-RQ8G-8H59 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...
CVE-2025-6547 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...
CVE-2026-54673 electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`
electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...
CVE-2026-54673 electron-updater: Cross-origin redirect leaks `PRIVATE-TOKEN` and mixed-case `Authorization` credentials in `builder-util-runtime`
electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...
CVE-2026-6552 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2026-6976 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2026-7250 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-7MQ5-3VCF-V96V vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-R82J-G6Q9-MVX8 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2026-6277 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2026-9204 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-5CR4-QWVX-32J2 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-C4M8-PV9J-V7MM vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-CX4G-HR74-M89M vulnerabilities
Vulnerabilities for packages: gitlab-runner...