GitLab CE/EE - Hard-Coded Credentials

GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider e.g. OAuth, LDAP, SAML, allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab...

EUVD-2020-5574

Malware in sbrugna...

EUVD-2017-0216

Malware in sbrugna...

EUVD-2018-0158

Malware in sbrugna...

EUVD-2017-0228

Malware in sbrugna...

EUVD-2020-1445

Malware in sbrugna...

EUVD-2017-8873

Malware in sbrugna...

EUVD-2020-1480

Malware in sbrugna...

EUVD-2019-0585

Malware in sbrugna...

EUVD-2022-4629

Malicious code in bioql PyPI...

EUVD-2024-16978

Malicious code in bioql PyPI...

EUVD-2024-0260

Malicious code in bioql PyPI...

EUVD-2022-2099

Malicious code in bioql PyPI...

EUVD-2025-29406

Malicious code in bioql PyPI...

EUVD-2022-6596

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-8971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing ...

MAL-2025-41805 Malicious code in omniauth-pro-sante-connect (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in omniauth-pro-sante-connect (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Linux Distros Unpatched Vulnerability : CVE-2024-1211

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from...

Linux Distros Unpatched Vulnerability : CVE-2020-13314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be...