Lucene search
K
GitlabMost viewed

1518 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2025/12/08 12:0 a.m.7 views

1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers

The server trusts all reverse-proxy headers by default, so any remote client can spoof X-Forwarded-For to bypass IP-based protections AllowIPs, API IP whitelist, “localhost-only” checks. All IP-based access control becomes ineffective...

6.5CVSS7AI score0.00204EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/05 12:0 a.m.7 views

yawkat LZ4 Java has a possible information leak in Java safe decompressor

Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to...

8.2CVSS6.7AI score0.00562EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/12/03 12:0 a.m.7 views

Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors

Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled...

7.6CVSS6.2AI score0.00238EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.7 views

@accordproject/concerto-linter contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.7 views

@actbase/react-native-actionsheet contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.7 views

ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73...

9.8CVSS6.5AI score0.00593EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.7 views

ExecuTorch vulnerable to Heap-based Buffer Overflow

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c...

9.8CVSS6.7AI score0.00664EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/21 12:0 a.m.7 views

Alchemy Non-SMA and Webauthn Account Security Advisory

A potential security issue has been mitigated on old account deployment functions from the factory. Smart wallets in use on all existing supported networks are not impacted...

7.2AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/11 12:0 a.m.8 views

ExecuTorch vulnerable to Heap-based Buffer Overflow attack

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

8.1CVSS7.3AI score0.00351EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/07/11 12:0 a.m.7 views

ExecuTorch vulnerable to Heap-based Buffer Overflow attack

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f...

8.1CVSS6.2AI score0.00351EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/12/06 12:0 a.m.7 views

shared_preferences_android vulnerability

Due to some data types not being natively representable for the available storage options, sharedpreferencesandroid serializes and deserializes special string prefixes to store these unrepresentable data types. This allows arbitrary classes to be deserialized leading to arbitrary code execution. ...

6.1AI score
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/26 12:0 a.m.7 views

Duplicate Advisory: NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f748-7hpg-88ch. This link is maintained to preserve external references. Original Description NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a...

7AI score0.00235EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/11/21 12:0 a.m.7 views

Leak in Aliyun KeySecret

Users of this library will be affected when using this library, the incoming secret will be disclosed unintentionally...

5.6CVSS5.9AI score0.00421EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/24 12:0 a.m.7 views

Duplicate Advisory: Improper Neutralization of CRLF Sequences in dio

Duplicate advisory This advisory has been withdrawn because it is a duplicate of GHSA-9324-jv53-9cc8. This link is maintained to preserve external references. Original Description The dio package prior to 5.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a...

6.6AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/01/06 12:0 a.m.7 views

Use of Uninitialized Resource in acc_reader.

An issue was discovered in the accreader crate through 2020-12-27 for Rust. fillbuf may read from uninitialized memory locations...

9.8CVSS7.2AI score0.01191EPSS
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/25 12:0 a.m.7 views

Double free in algorithmica

An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. In the affected versions of this crate, mergesort::merge wildly duplicates and drops ownership of T without guarding against double-free. Due to such implementation, simply invoking mergesort::merge on Vec can cause...

7.5CVSS7AI score0.00961EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 5 days ago6 views

melange: Incomplete package integrity verification allows data section substitution

Previously, Apko verified the control section hash .PKGINFO etc. against the signed APKINDEX, but never verified the data section hash the actual package files that get installed. An attacker who could compromise a mirror, poison a cache, or MITM a package fetch could substitute arbitrary file...

6.2AI score0.00036EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 6 days ago6 views

org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...

6.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 6 days ago6 views

org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...

6.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 6 days ago6 views

org.hl7.fhir.core: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The utility intended to secure this evaluation did so incorrectly, and did not fully cover all places in which evaluation was being done. An attacker can send a resource...

6.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/07/07 12:0 a.m.6 views

@aborruso/ckan-mcp-server: SSRF via base_url allows access to internal networks (Potential fix bypass of CVE-2026-33060)

A known vulnerability CVE-2026-33060 indicated tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter had the risk of making HTTP requests to arbitrary endpoints without restriction. A fix was applied to filter out ip addresses. However, a method to bypass exists...

5.7CVSS6.1AI score0.00289EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/07/06 12:0 a.m.6 views

9router: Login brute-force protection bypass via spoofed X-Forwarded-For header

The 9router dashboard login rate limiter derives the client identity from the attacker-controlled X-Forwarded-For HTTP header. When 9router is directly exposed, or deployed behind a reverse proxy that does not overwrite untrusted forwarding headers, a remote attacker can rotate the X-Forwarded-Fo...

7.3CVSS6AI score0.00515EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/26 12:0 a.m.6 views

Aimeos Pagible CMS vulnerable to Server Side Request Forgery (SSRF) via DNS rebinding in admin proxy

The administrative proxy route cmsproxy in Aimeos Pagible CMS is vulnerable to a Server-Side Request Forgery SSRF attack via DNS Rebinding. A Time-of-Check to Time-of-Use TOCTOU race condition exists between the URL validation phase and the actual HTTP request phase, allowing attackers to access...

5.8AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/25 12:0 a.m.6 views

Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

When a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths — API tokens, CalDAV basic auth, and OpenID Connect — do not verify user status, allowing disabled or locked users to continue accessing th...

8.1CVSS5.8AI score0.00453EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.6 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements safe storage, but are later read back and interpolated...

8CVSS6AI score0.00279EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/19 12:0 a.m.6 views

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this can lead ...

6.1CVSS5.8AI score0.0023EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/01/08 12:0 a.m.6 views

AWS SDK for Swift adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

6.7AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/11/25 12:0 a.m.6 views

@actbase/react-native-devtools contains malware after npm account takeover

On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...

7.1AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.6 views

ExecuTorch out-of-bounds access vulnerability

An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4...

9.8CVSS6.5AI score0.00593EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/02/10 12:0 a.m.6 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/09/28 12:0 a.m.6 views

Duplicate Advisory: Consensys gnark-crypto allows Signature Malleability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fr8m-434r-g3xp. This link is maintained to preserve external references. Original Description Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and...

9.8CVSS5.4AI score0.00844EPSS
Exploits0References7Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/24 12:0 a.m.6 views

http before 0.13.3 vulnerable to header injection

An issue was discovered in the http package before 0.13.3 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request via HTTP header injection. This issue has been addressed in commit abb2bb182 by validating...

6.1CVSS6.7AI score0.02155EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/14 12:0 a.m.6 views

Active Record component in Ruby on Rails has a data-type injection vulnerability

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

6.4CVSS5.5AI score0.01946EPSS
Exploits2References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/31 12:0 a.m.6 views

Insecure Temporary File in SWHKD

SWHKD is a display protocol-independent hotkey daemon made in Rust. In SWHKD versions 1.1.5 and prior, SWHKD uses the /tmp/swhkd.pid pathname. As /tmp is accessible to all users, there can be an information leak or denial of service. No known workarounds exist. A patch is available on the 1.1.0...

7.8CVSS7.1AI score0.00506EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/31 12:0 a.m.6 views

Data Loss/Denial of Service in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository...

7.1CVSS7.1AI score0.00493EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/25 12:0 a.m.6 views

Use after free in actix-utils

An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...

9.1CVSS7.2AI score0.0141EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2 days ago5 views

DIRAC: SQL injection and lack of access control in PilotManager service

Details A number of the functions in PilotManager pass parameters directly through to the database layer, which then does not do any escaping on the parameters. For example setPilotStatus:...

6.1AI score
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2 days ago5 views

DIRAC is vulnerable to RCE in RequestManager due to eval on untrusted input

An remote code execution vulnerability exists in RequestManager due to the use of eval on untrusted input that allows any authenticated user to run code/commands on the DIRAC server as the system user running the DIRAC services...

6.5AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2 days ago5 views

DIRAC: Pilot code downloaded over unverified HTTPS connection

The second stage pilot pilot.tar is downloaded by the initial wrapper script without any verification of the webservers' SSL certificate and the contained script is subsequently executed. The checksum is tested, but the reference checksum file is downloaded over the same unvalidated channel...

6.1AI score
Exploits0References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 5 days ago5 views

melange: Incomplete package integrity verification allows data section substitution

Previously, Apko verified the control section hash .PKGINFO etc. against the signed APKINDEX, but never verified the data section hash the actual package files that get installed. An attacker who could compromise a mirror, poison a cache, or MITM a package fetch could substitute arbitrary file...

6.2AI score0.00036EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/07/08 12:0 a.m.5 views

Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE

Joro's default proxy mode in versions = 1.1.0 exposes a local API on 127.0.0.1:9090 that performs no authentication and applies a wildcard CORS policy. Because plugin uploads use the CORS-safelisted multipart/form-data content type, cross-origin JavaScript on any page the operator visits can reac...

6.6AI score
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/01 12:0 a.m.5 views

Logback vulnerable to Object Injection through HardenedObjectInputStream modules

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS6.6AI score0.00342EPSS
Exploits0References4
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/30 12:0 a.m.5 views

nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate Interval

An input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service DoS. By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive...

6.9CVSS5.9AI score0.00948EPSS
Exploits1References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.5 views

ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006...

9.8CVSS6.5AI score0.00593EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/08/08 12:0 a.m.5 views

ExecuTorch heap buffer overflow vulnerability

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be...

9.8CVSS6.7AI score0.00664EPSS
Exploits0References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/02/04 12:0 a.m.5 views

wasmvm: Malicious smart contract can crash the chain

CWA-2025-001 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to crash the chain. The underlying bug that causes this is presen...

6.9AI score
Exploits0References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2024/09/04 12:0 a.m.5 views

Missing connection timeout in Aardvark-dns

A flaw was found in Aardvark-dns versions 1.12.0 and 1.12.1. They contain a denial of service vulnerability due to serial processing of TCP DNS queries. This flaw allows a malicious client to keep a TCP connection open indefinitely, causing other DNS queries to time out and resulting in a denial ...

7.5CVSS6.9AI score0.00759EPSS
Exploits1References9Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/08/31 12:0 a.m.5 views

Filename spoofing in archive

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

7.8CVSS7.1AI score0.00321EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/08/31 12:0 a.m.5 views

Path traversal in Archive

An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file...

7.8CVSS7.2AI score0.00341EPSS
Exploits1References8Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/06/16 12:0 a.m.5 views

`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

6AI score
Exploits0References4Affected Software1
Total number of security vulnerabilities1518