This site offers a simple way to search for advisories in the GitLab Advisory Database. The database contains information about security issues in software dependencies that you might be using in your projects.
GitLab’s Dependency Scanning feature also utilizes this database to scan your application’s dependencies for known vulnerabilities.
The callback and jsonp request parameters are directly concatenated into the response without any sanitization that allowing attackers to inject arbitrary JS code. When YOURLS_PRIVATE is set to false (public API mode), this vulnerability can be exploited by any unauthenticated attacker. In private mode, the XSS payload is still injected into the 403 response body though browser execution is blocked.
In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential exposure. The vulnerability affects the uri gem bundled with the following Ruby series: 0.12.4 and earlier (bundled in Ruby 3.2 series) 0.13.2 and earlier (bundled in …
Vulnerability Type: Local Privilege Escalation (LPE) / Arbitrary Code Execution. The application loads custom Python rules and configuration files from user-writable locations (e.g., ~/.config/theshit/) without validating ownership or permissions when executed with elevated privileges. If the tool is invoked with sudo or otherwise runs with an effective UID of root, it continues to trust configuration files originating from the unprivileged user's environment. This allows a local attacker to inject arbitrary …
[PHASE 1] Baseline Testing ✓ Without token: REJECTED (Unauthenticated) ✓ With wrong token: REJECTED (Unauthenticated) [PHASE 2] Exploit ✓ With hardcoded token "rustfs rpc": ACCEPTED ✅ [PHASE 3] Sensitive API Access ✓ ServerInfo: SUCCESS - Configuration disclosed ✓ DiskInfo: SUCCESS - System information accessible [RESULT] VULNERABILITY CONFIRMED
The arrayLimit option in qs does not enforce limits for bracket notation (a[]=1&a[]=2), allowing attackers to cause denial-of-service via memory exhaustion. Applications using arrayLimit for DoS protection are vulnerable.
When an administrative user creates a new database host they are prompted to provide a Host value which is expected to be a domain or IP address. When an invalid value is encountered and passed back to gethostaddr and/or directly to the MySQL connection tooling, an error is returned. This error is then passed back along to the front-end, but was not properly sanitized when rendered. Therefore it is possible …
A Zip Slip vulnerability in PsiTransfer allows an unauthenticated attacker to upload files with path traversal sequences in the filename (e.g. ../../../.ssh/authorized_keys). When a victim downloads the bucket as a .tar.gz archive and extracts it, malicious files are written outside the intended directory, potentially leading to RCE.
Picklescan uses the numpy.f2py.crackfortran.getlincoef function (a NumPy F2PY helper) to execute arbitrary Python code during unpickling.
This advisory is a duplicate of CVE-2025-43865 and has been removed.
This advisory has been marked as a false positive.
This advisory has been marked as a false positive.
This advisory is a duplicate of CVE-2025-43864 and has been removed.
This advisory has been marked as a false positive.
This advisory has been marked as False Positive and has been removed.
🚀 Overview This report demonstrates a real-world privilege escalation vulnerability in pdfminer.six due to unsafe usage of Python's pickle module for CMap file loading. It shows how a low-privileged user can gain root access (or escalate to any service account) by exploiting insecure deserialization in a typical multi-user or server environment. 🚨 Special Note This advisory addresses a distinct vulnerability from GHSA-wf5f-4jwr-ppcp (CVE-2025-64512).
pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB._load_data() function in pdfminer.six uses pickle.loads() to deserialize pickle files. These pickle files are supposed to be part of the pdfminer.six distribution stored in the cmap/ directory, but a malicious PDF can specify an alternative directory and filename as long as the filename ends in .pickle.gz. A malicious, zipped pickle file can …