18 matches found

OSV
added 2026/03/10 11:44 p.m. · 0 views

GHSA-85JX-FM8M-X8C6 zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required)

zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the tag already exists and reference != "latest". As a result, when latest already exists, a user who is allowed to create but not allowe...

CVSS 7.7 · AI score 5.8 · EPSS 0.00044
Exploits 1 · References 4
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2023-12555

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.03964
Exploits 0 · References 3
Tenable Nessus
added 2025/08/27 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-0508

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...

CVSS 4.3 · AI score 5 · EPSS 0.03964
Exploits 0 · References 2
OSSF Malicious Packages
added 2025/08/22 5:36 p.m. · 3 views

Malicious code in api-react127 (npm)

The package communicates with a domain associated with malicious activity...

AI score 7
Exploits 0
Vulnrichment
added 2025/08/11 10:21 p.m. · 1 views

CVE-2025-55156 PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

CVSS 8.8 · AI score 7.7 · EPSS 0.00058
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 5:39 a.m. · 1 views

CVE-2023-0508

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 4.3 · AI score 4.7 · EPSS 0.03964
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/01/20 7:34 a.m. · 2 views

Malicious code in api-demo-sample-lib2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9bf23a2c3e41d22ea84314170a6f9e3359768c7cedbf3bb3235f4f1146b218fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1
OSV
added 2024/03/06 11:12 a.m. · 21 views

BIT-GITLAB-2023-0508 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 4.3 · AI score 4.3 · EPSS 0.03964
Exploits 0 · References 4
Veracode
added 2023/08/06 10:40 p.m. · 16 views

Open Redirection

GitLab is vulnerable to Open Redirection. An attacker can redirect users to malicious URLs through the HTTP response splitting in the NPM package API...

CVSS 4.3 · AI score 6.7 · EPSS 0.03964
Exploits 0 · References 4 · Affected software 1
ATTACKERKB
added 2023/06/07 5:15 p.m. · 3 views

CVE-2023-0508

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 4.3 · AI score 5.8 · EPSS 0.03964
Exploits 0 · References 4 · Affected software 1
NVD
added 2023/06/07 5:15 p.m. · 12 views

CVE-2023-0508

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 4.3 · AI score 4.1 · EPSS 0.03964
Exploits 0 · References 3
Prion
added 2023/06/07 5:15 p.m. · 15 views

Open redirect

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 4.3 · AI score 4.6 · EPSS 0.03964
Exploits 0 · References 3 · Affected software 1
UbuntuCve
added 2023/06/07 12:00 a.m. · 18 views

CVE-2023-0508

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 4.3 · AI score 5.8 · EPSS 0.03964
Exploits 0 · References 2
CVE
added 2023/06/07 12:00 a.m. · 123 views

CVE-2023-0508

GitLab CE/EE contains a vulnerability: improper handling of HTTP header CRLF in the NPM package API allows an open redirect (HTTP response splitting). Affected versions are 15.4–15.10.8, 15.11–15.11.7, and 16.0–16.0.2. Remediations are provided in the cited advisories (patches: 15.10.8, 15.11.7, ...

CVSS 4.3 · AI score 4.5 · EPSS 0.03964
Exploits 0 · References 3 · Affected software 1
Debian CVE
added 2023/06/07 12:00 a.m. · 27 views

CVE-2023-0508

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.03964
Exploits 0
Cvelist
added 2023/06/07 12:00 a.m. · 15 views

CVE-2023-0508 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 3.1 · AI score 5.1 · EPSS 0.03964
Exploits 0 · References 3
OSV
added 2023/06/07 12:00 a.m. · 17 views

CVE-2023-0508 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Open redirection was possible via HTTP response splitting in the NPM package API...

CVSS 3.1 · AI score 4.7 · EPSS 0.03964
Exploits 0 · References 5
CNNVD
added 2023/06/07 12:00 a.m. · 3 views

GitLab security vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from an open...

CVSS 4.3 · AI score 5 · EPSS 0.03964
Exploits 0 · References 6