CVE-2026-1322 Business Logic Errors in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with a read_api scoped OAuth application to create issues and add comments to issues in private projects due t...
CVE-2026-1322
GitLab CVE-2026-1322 affects GitLab CE/EE; authenticated users with a read_api scoped OAuth app could create issues and add comments in private projects due to improper authorization. Affected versions: 16.0–<18.9.7, 18.10–<18.10.6, 18.11–
Command Injection
Overview wenxian is a package for generating references. Affected versions of this package are vulnerable to Command Injection via the github.event.comment.body input in the GitHub Actions workflow. An attacker can execute arbitrary shell commands on the CI runner by posting crafted comments to issues, leading...
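The injection shape described above, written out as an added example (this is not wenxian's own workflow; the workflow name, job names and step contents are illustrative). The vulnerable job splices github.event.comment.body straight into the run script; the hardened job passes the same value through an environment variable, and additionally pins the token permissions to read-only as a least-privilege caveat that is not part of the advisory text:

```yaml
# Added example, not the wenxian project's workflow. Job and step names are illustrative.
name: issue-comment-demo
on:
  issue_comment:
    types: [created]

jobs:
  # VULNERABLE: the ${{ }} expression is expanded by the Actions runner into the
  # script text before the shell ever runs, so the comment body is parsed as code.
  # A comment body such as:   "; id; echo "
  # turns the single echo into three shell commands, the middle one attacker-chosen,
  # executing with the job's GITHUB_TOKEN and runner secrets in scope.
  vulnerable:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "New comment: ${{ github.event.comment.body }}"

  # HARDENED: the untrusted value is placed in the process environment and only
  # referenced from the script as a quoted shell variable. The shell receives it as
  # data, never as script text, so quotes and metacharacters in it are inert.
  hardened:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # least-privilege GITHUB_TOKEN (added caveat, not from the advisory)
    steps:
      - env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          echo "New comment: $COMMENT_BODY"
```

The distinction is where the expansion happens: in the vulnerable job the runner rewrites the `run` string, so bash is handed a different program depending on the comment; in the hardened job the runner sets `COMMENT_BODY` directly and the program bash sees is constant. The same rule applies to any other attacker-controlled event field (issue titles, PR bodies, branch names) used in `run:` steps.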
GO-2026-4620 Gogs: Stored XSS via data URI in issue comments in gogs.io/gogs
Gogs: Stored XSS via data URI in issue comments in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an...
CVE-2026-26022
Gogs (self-hosted Git service) prior to v0.14.2 contains a stored XSS in comments and issue descriptions due to an HTML sanitizer allowing data: URI schemes. Exploitation requires authenticated user interaction and can lead to arbitrary JavaScript execution in the context of the affected page. Th...
CVE-2026-26022 Gogs: Stored XSS via data URI in issue comments
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting XSS vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrar...
CVE-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments...
EUVD-2018-11264
Malware in sbrugna...
EUVD-2019-4578
Malware in sbrugna...
EUVD-2019-6560
Malware in sbrugna...
EUVD-2023-56101
Malicious code in bioql PyPI...
EUVD-2025-29409
Malicious code in bioql PyPI...
EUVD-2023-56100
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability: CVE-2022-0489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a...
CVE-2023-51379
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. This vulnerability did not allow unauthorized access to any repository content as it also required contents:write and issues:read...
CVE-2019-15593
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments...
BIT-GITLAB-2022-0489
An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DOS by using the math feature with a specific formula in issue comments...
CVE-2023-51380
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and...