CVE-2025-9484

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

CVE-2026-41129

Craft CMS is a content management system CMS. Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create...

PT-2026-46848

Summary The hidden nhost configserver used by nhost dev exposes the Mimir GraphQL API with dummy authorization directives and permissive CORS. When a developer is running the local development environment, any process that can reach the developer's localhost service, including a web page loaded...

PT-2026-32411

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

UBUNTU-CVE-2025-9484

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab 18.8.9,...

EUVD-2026-8914

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the userCollection GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized data field containing HTTP requests with headers and potentially...

Linux Distros Unpatched Vulnerability : CVE-2025-11246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowe...

CVE-2022-0152

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API...

VulnCheck KEV: CVE-2025-53364

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...

EUVD-2020-18953

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-26415

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab =12.2 ...

CVE-2021-35970

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type...

PT-2020-16420 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.2 through 13.4.7 GitLab versions 13.5 through 13.5.5 GitLab versions 13.6 through 13.6.2 Description: Information about the starred projects for private user profiles was exposed via the GraphQL API starting from version...

PT-2020-16419 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.4 through 13.6.1 Description: An issue has been discovered in GitLab CE/EE, where information disclosure via GraphQL results in user email being unexpectedly visible. Recommendations: For versions 13.4 through 13.6.1,...

GitLab 信息泄露漏洞

GitLab is a Ruby on Rails developed, self-hosted, Git version control system project repository application from GitLab, Inc. The program can be used to access the project's file contents, commit history, bug list , etc. Git is a free, open source distributed version control system. GitLab CE/EE...

GitLab CE/EE Information Disclosure Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE version...

PT-2020-16413 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.3 through 13.3.8 GitLab EE versions 13.4 through 13.4.4 GitLab EE versions 13.5 through 13.5.1 Description: Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE. This information wa...