76 matches found
EUVD-2022-7245
Malicious code in bioql PyPI...
EUVD-2025-7802
Malicious code in bioql PyPI...
EUVD-2022-1023
Malicious code in bioql PyPI...
EUVD-2024-0985
Malicious code in bioql PyPI...
CVE-2021-21432
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the /.netrc file. Refer to the referenced GitHub Security...
SUSE CVE-2025-27616
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...
CVE-2025-27616
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...
GO-2025-3509 Vela Server Has Insufficient Webhook Payload Data Verification in github.com/go-vela/server
Vela Server Has Insufficient Webhook Payload Data Verification in github.com/go-vela/server...
GHSA-9M63-33Q3-XQ5X Vela Server Has Insufficient Webhook Payload Data Verification
Impact Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit. Any user with access to the CI instance and the linked source control manager can perform the exploit. Method By spoofing a webhook payload with a specific set of headers and body...
Vela Server Has Insufficient Webhook Payload Data Verification
Impact Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit. Any user with access to the CI instance and the linked source control manager can perform the exploit. Method By spoofing a webhook payload with a specific set of headers and body...
CVE-2025-27616
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...
CVE-2025-27616 Vela Server has Insufficient Webhook Payload Data Verification
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...
CVE-2025-27616 Vela Server has Insufficient Webhook Payload Data Verification
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...
CVE-2025-27616 Vela Server has Insufficient Webhook Payload Data Verification
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to ...
CVE-2025-27616
Vela Server (CI/CD framework) is affected in versions prior to 0.25.3 and 0.26.3. By spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo-level CI secrets to another repository. Those secrets could be exfiltrate...
Vela Server 安全漏洞
Vela Server is a Vela open source pipeline automation CI/CD framework built on Linux container technology. A security vulnerability exists in Vela Server versions prior to 0.25.3 and prior to 0.26.3, which stems from a possible repository ownership transfer and secret disclosure via a spoofed...
CVE-2022-39395
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...
CVE-2020-26294
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...
CVE-2024-28236
Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string...
GO-2022-1100 Vela Insecure Defaults in github.com/go-vela/server
Vela Insecure Defaults in github.com/go-vela/server...