Developer Tools

In Portainer Community Edition versions prior to STS 2.31.0 and LTS 2.27.7 a medium severity vulnerability CVE-2025-49593 was detected. This vulnerability allows HTTP headers – including registry authentication credentials or Portainer session tokens – to be leaked if a Portainer administrator registers a malicious container registry or if an existing registry is compromised. To address this issue, users should upgrade Portainer CE or BE version 2.31.0 or later for STS, or version 2.27.7 or later for LTS. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49593.

In GitLab EE versions prior to 17.10.8, 17.11 before 17.11.4 and 18.0 before 18.0.2 a medium severity vulnerability CVE-2024-9512 was detected. This vulnerability allows attackers to clone a private repository due to a race condition when a secondary node is out of sync. To address this issue, users should upgrade GitLab EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9512.

In GitLab CE/EE versions from 8.7 before 17.10.8, 17.11 before 17.11.4 and 18.0 before 18.0.2 a medium severity vulnerability CVE-2025-1516 was detected. This vulnerability allows attackers to trigger a denial of service due to improper input validation in token names. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1516.

In GitLab CE/EE versions from 8.13 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-1478 was detected. This vulnerability allows attackers to trigger a denial of service due to lack of input validation in board names. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3 or 18.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1478.

In GitLab CE/EE versions from 17.7 before 17.10.8, 17.11 before 17.11.4 and 18.0 before 18.0.2 a high severity vulnerability CVE-2025-0673 was detected. This vulnerability allows attackers to trigger an infinite redirect loop, potentially leading to a denial of service condition. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0673.

In GitLab CE/EE versions from 2.1.0 up to and including 17.10.7, 17.11.0 to 17.11.3 and 18.0.0 to 18.0.1 a medium severity vulnerability CVE-2025-5996 was detected. This vulnerability allows authenticated attackers to cause a denial of service due to insufficient input validation in HTTP responses. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5996.

In GitLab EE versions from 12.0 up to and including 17.10.7, 17.11.0 to 17.11.3 and 18.0.0 to 18.0.1 a low severity vulnerability CVE-2025-5982 was detected. This vulnerability allows attackers to bypass IP access restrictions and view sensitive information under certain conditions. To address this issue, users should upgrade GitLab EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5982.

In GitLab CE/EE versions from 17.9 up to and including 17.10.6, 17.11.0 to 17.11.2 and 18.0.0 a medium severity vulnerability CVE-2025-5195 was detected. This vulnerability allows authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3 or 18.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5195.

In GitLab CE/EE versions starting from 18.0 before 18.0.2 a high severity vulnerability CVE-2025-4278 was detected. This vulnerability allows attackers to perform HTML injection in the new search page, which under certain conditions could lead to account takeover. To address this issue, users should upgrade GitLab CE/EE to version 18.0.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4278.