Book a demo

Developer Tools

Selected category
14 Aug 2025 DevOps
HELM: Out of Memory termination issue

In Helm, all versions before 3.18.5 a high severity vulnerability CVE-2025-55199 was detected. This vulnerability allows attackers to craft a JSON Schema file in a way that can cause Helm to consume all available memory, leading to an Out of Memory termination. To fix this issue, users should upgrade Helm to version 3.18.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55199.

 Read more Developer Tools
14 Aug 2025 DevOps
HELM: Improper YAML Validation

In Helm, all versions before 3.18.5 a medium severity vulnerability CVE-2025-55198 was detected. This vulnerability may cause Helm to panic due to incorrect YAML content in Chart.yaml and index.yaml files. To fix this issue, users should upgrade Helm to version 3.18.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-55198.

 Read more Developer Tools
29 Jul 2025 DevOps
WordPress: Stored XSS via Multiple Widgets in Sky Addons for Elementor Plugin

In the Sky Addons for Elementor plugin for WordPress versions up to and including 3.1.4 a medium severity vulnerability CVE-2025-8216 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via multiple widgets due to insufficient input sanitization and output escaping on user-supplied attributes. To address this issue, users should update the Sky Addons for Elementor plugin to versions 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8216.

 Read more Developer Tools
25 Jul 2025 DevOps
GitLab CE/EE: Unauthorized Access to Deployment Job Logs via Crafted Request

In GitLab CE/EE versions starting from 15.4 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1 a medium severity vulnerability CVE-2025-1299 was detected. This vulnerability could allow unauthorized users to read deployment job logs by sending a crafted request. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 or 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1299.

 Read more Developer Tools
25 Jul 2025 DevOps
GitLab CE/EE: Unauthorized Access to Custom Service Desk Email Addresses

In GitLab CE/EE versions from 17.9 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1 a medium severity vulnerability CVE-2025-0765 was detected. This vulnerability could allow unauthorized users to access custom service desk email addresses. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 or 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0765.

 Read more Developer Tools
25 Jul 2025 DevOps
Harbor: Cross-Site Scripting via Markdown Field in Info Tab Page

In Harbor versions 2.11.2 and below and 2.12.0-rc1 and 2.13.0-rc1 a medium severity vulnerability CVE-2025-32019 was detected. This vulnerability allows attackers to inject cross-site scripting (XSS) code via the markdown field in the info tab page. To address this issue, users should update Harbor to versions 2.12.4 or 2.13.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32019.

 Read more Developer Tools
24 Jul 2025 DevOps
GitLab: Unauthorized Access to Resource Group Data via API by Privileged Users

In GitLab CE/EE versions from 15.0 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1 a medium severity vulnerability CVE-2025-7001 was discovered. This vulnerability could allow privileged users to access certain resource_group information via the API that should have been restricted. To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 and 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7001.

 Read more Developer Tools
24 Jul 2025 DevOps
GitLab: Exposure of Internal Notes via GitLab Duo Responses Under Certain Conditions

In GitLab EE versions from 17.0 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1 a medium severity vulnerability CVE-2025-4976 was discovered. This vulnerability, under certain circumstances, could allow an attacker to access internal notes included in GitLab Duo responses. To address this issue, users should upgrade GitLab EE to versions 18.0.5, 18.1.3 and 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4976.

 Read more Developer Tools
24 Jul 2025 DevOps
GitLab: Stored XSS via Unintended Content Rendering Under Specific Conditions

In GitLab CE/EE versions from 15.10 before 18.0.5, 18.1 before 18.1.3 and 18.2 before 18.2.1 a high severity vulnerability CVE-2025-4700 was discovered. This vulnerability, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering, leading to Cross-Site Scripting (XSS). To address this issue, users should upgrade GitLab CE/EE to versions 18.0.5, 18.1.3 and 18.2.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4700.

 Read more Developer Tools