1364 matches found
GitLab CE/EE - Information Disclosure
GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...
Malicious code in @luminarycloudinternal/frodo (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58ed68e675b2b6cde30e6b7c8e34077eda805a4bde64ca7cd2c68c6f4370ee5f Package published under a scope shadowing internal Luminary Cloud packages @luminarycloudinternal at version 9999.0.1 — the canonical...
CVE-2026-54344
ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...
EUVD-2026-42263
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...
EUVD-2026-36315
OpenClaw: Embedded runner policy could be confused by provider aliases...
GHSA-P39J-X9H5-Q66M OpenClaw: Embedded runner policy could be confused by provider aliases
Summary Embedded runner policy could be confused by provider aliases. In affected versions, a request using provider aliases could compare policy against an alias instead of the canonical provider identity. This advisory is scoped to the named feature and configuration. It does not change...
EUVD-2026-40453
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56777
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56777 n8n - AST Validator Bypass in Python Code Node
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
GHSA-R82J-G6Q9-MVX8 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-HM74-P2XF-RQGC vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-CX4G-HR74-M89M vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-7MQ5-3VCF-V96V vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2026-9204 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2026-6976 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2026-6552 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-Q9J8-24P8-JQ8J vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-C4M8-PV9J-V7MM vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2026-9694 vulnerabilities
Vulnerabilities for packages: gitlab-runner...
GHSA-5CR4-QWVX-32J2 vulnerabilities
Vulnerabilities for packages: gitlab-runner...