This site offers a simple way to search for advisories in the GitLab Advisory Database. The database contains information about security issues in software dependencies that you might be using in your projects.
GitLab’s Dependency Scanning feature also utilizes this database to scan your application’s dependencies for known vulnerabilities.
Vault’s Terraform Provider incorrectly set the default deny_null_bind parameter for the LDAP auth method to false by default, potentially resulting in an insecure configuration. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in Vault Terraform Provider v5.5.0.
Affected versions of this crate contain resource leaks when querying thread counts on Windows and Apple platforms.
Affected versions of this crate contain resource leaks when querying thread counts on Windows and Apple platforms.
If a schema includes the following characteristics: Permission defined in terms of a union (+) That union references the same relation on both sides, but one side arrows to a different permission Then you might have missing LookupResources results when checking the permission. This only affects LookupResources; other APIs calculate permissionship correctly. A small concrete example: relation doer_of_things: user | group#member permission do_the_thing = doer_of_things + doer_of_things->admin A CheckPermission on …
Segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. Environment: OS: Ubuntu 20.04.6 LTS Compiler: Clang 19.1.7
Heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. Environment: OS: Ubuntu 20.04.6 LTS Compiler: Clang 19.1.7
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow to override internal user IDs …
When zx is invoked with –prefer-local=, the CLI creates a symlink named ./node_modules pointing to /node_modules. Due to a logic error in src/cli.ts (linkNodeModules / cleanup), the function returns the target path instead of the alias (symlink path). The later cleanup routine removes what it received, which deletes the target directory itself. Result: zx can delete an external /node_modules outside the current working directory.
This advisory is a duplicate of CVE-2025-43865 and has been removed.
This advisory is a duplicate of CVE-2025-43864 and has been removed.
This advisory has been marked as False Positive and has been removed.
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will …
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will …
There is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a malicious server can send can send a "literal" byte count, which is automatically read by the client's receiver thread. The response reader immediately allocates memory for the number of bytes indicated by the server response. This should not be an issue when securely connecting to …
The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default.
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN –mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.