65 matches found

RedhatCVE
added 2025/11/22 5:36 a.m., 3 views

CVE-2025-9825

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 6.5 | AI score 6.7 | EPSS 0.00008
Exploits 1 | References 1
CVE
added 2025/11/21 5:33 a.m., 9 views

CVE-2025-9825

GitLab CE/EE vulnerability CVE-2025-9825 affects versions 13.7–18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2. Root cause: GraphQL API authentication flaw could allow authenticated users without project membership to view sensitive manual CI/CD variables. The issue has been remediated in patc...

CVSS 6.5 | AI score 6.3 | EPSS 0.00008
Exploits 1 | References 3 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-4795

Malware in sbrugna...

CVSS 4.3 | AI score 4.6 | EPSS 0.00856
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-25173

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00214
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-42832

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00399
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-47955

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.0023
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-50693

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00244
Exploits 0 | References 1
Vulnrichment
added 2025/08/27 7:34 p.m., 1 view

CVE-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 | AI score 6.7 | EPSS 0.0005
Exploits 0 | References 2
Cvelist
added 2025/08/27 7:34 p.m., 5 views

CVE-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVSS 5.8 | EPSS 0.0005
Exploits 0 | References 2
RedhatCVE
added 2025/06/11 5:20 p.m., 2 views

CVE-2025-49136

listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions, which are enabled by default in Sprig, enable capturing of env variables on host. While this may not be a problem on single-use...

CVSS 9 | AI score 8.9 | EPSS 0.61762
Exploits 2 | References 1
RedhatCVE
added 2025/05/23 7:33 a.m., 2 views

CVE-2024-6972

In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...

CVSS 6.5 | AI score 6.8 | EPSS 0.0023
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 7:5 a.m., 2 views

CVE-2024-12226

In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2; however, it was determined that this could also be achieved in Version 1, and the fix was applied to both versions...

CVSS 6.5 | AI score 6.7 | EPSS 0.00244
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 11:10 p.m., 7 views

CVE-2022-1901

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview...

CVSS 5.3 | AI score 6.8 | EPSS 0.00214
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 11:0 p.m., 4 views

CVE-2022-3460

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...

CVSS 7.5 | AI score 6.8 | EPSS 0.00399
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 10:24 a.m., 10 views

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

CVSS 6.5 | AI score 6.6 | EPSS 0.00139
Exploits 0 | References 1
NVD
added 2025/03/20 10:15 a.m., 2 views

CVE-2024-8238

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr function from RestrictedPython. This version does not protect against the str.format_map method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

CVSS 8.1 | EPSS 0.0039
Exploits 1 | References 1
Cvelist
added 2025/03/20 10:11 a.m., 5 views

CVE-2024-8238 Unrestricted Code Execution in aimhubio/aim

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr function from RestrictedPython. This version does not protect against the str.format_map method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

CVSS 5.9 | EPSS 0.0039
Exploits 1 | References 1
NVD
added 2025/01/16 7:15 a.m., 4 views

CVE-2024-12226

In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2; however, it was determined that this could also be achieved in Version 1, and the fix was applied to both versions...

CVSS 6.5 | EPSS 0.00244
Exploits 0 | References 1
CVE
added 2025/01/16 6:48 a.m., 37 views

CVE-2024-12226

CVE-2024-12226 affects Octopus Kubernetes: the Kubernetes worker/agent (versions 1–2) could log sensitive variables in clear-text to the Kubernetes script pod log. Root cause details beyond what’s stated are not provided. The issue has been fixed for both versions 1 and 2; apply the documented fi...

CVSS 6.5 | AI score 6.5 | EPSS 0.00244
Exploits 0 | References 1
Cvelist
added 2025/01/16 6:48 a.m., 9 views

CVE-2024-12226

In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2; however, it was determined that this could also be achieved in Version 1, and the fix was applied to both versions...

CVSS 6.5 | EPSS 0.00244
Exploits 0 | References 1