This site offers a simple way to search for advisories in the GitLab Advisory Database (GLAD). The database contains information about security issues in software dependencies that you might be using in your projects.
GitLab’s Dependency Scanning feature also utilizes this database to scan your application’s dependencies for known vulnerabilities.
This package was identified by GitLab's Vulnerability Research team as part of a coordinated Shai-Hulud copycat supply chain attack on PyPI on June 7, 2026. The package nhmpy is a typosquat of the popular NumPy scientific computing library. It contains a .pth file that auto-executes on Python startup, downloads the Bun JavaScript runtime, and runs an obfuscated credential stealer targeting GitHub, AWS, Azure, GCP, HashiCorp Vault, NPM, PyPI, RubyGems, SSH …
This package was identified by GitLab's Vulnerability Research team as part of a coordinated Shai-Hulud copycat supply chain attack on PyPI on June 7, 2026. The package rlask is a typosquat of the popular Flask web framework. It contains a .pth file that auto-executes on Python startup, downloads the Bun JavaScript runtime, and runs an obfuscated credential stealer targeting GitHub, AWS, Azure, GCP, HashiCorp Vault, NPM, PyPI, RubyGems, SSH keys, …
This package was identified by GitLab's Vulnerability Research team as part of a coordinated Shai-Hulud copycat supply chain attack on PyPI on June 7, 2026. The package rsquests is a typosquat of the popular Requests HTTP library. It contains a .pth file that auto-executes on Python startup, downloads the Bun JavaScript runtime, and runs an obfuscated credential stealer targeting GitHub, AWS, Azure, GCP, HashiCorp Vault, NPM, PyPI, RubyGems, SSH keys, …
This package was identified by GitLab's Vulnerability Research team as part of a coordinated Shai-Hulud copycat supply chain attack on PyPI on June 7, 2026. The package tlask is a typosquat of the popular Flask web framework. It contains a .pth file that auto-executes on Python startup, downloads the Bun JavaScript runtime, and runs an obfuscated credential stealer targeting GitHub, AWS, Azure, GCP, HashiCorp Vault, NPM, PyPI, RubyGems, SSH keys, …
This package was identified by GitLab's Vulnerability Research team as part of a coordinated Shai-Hulud copycat supply chain attack on PyPI on June 7, 2026. The package mflux-streamlit was weaponized by someone with maintainer access to include malicious code alongside previously clean releases. Versions 0.0.3 and 0.0.4 contain a .pth file that auto-executes on Python startup, downloads the Bun JavaScript runtime, and runs an obfuscated credential stealer targeting GitHub, AWS, …
In wasmtime-wasi, when a filesystem preopen is given DirPerms::all() and FilePerms::READ without FilePerms::WRITE, this wasmtime-wasi enforced access control mechanism can be bypassed by using the wasip2 descriptor.open-at or wasip1 path_open interfaces by opening a file with OpenFlags::TRUNCATE oflag only, for example: dir_descriptor.open_at( PathFlags::empty(), FILENAME, OpenFlags::TRUNCATE, DescriptorFlags::READ, ) wasip1::path_open( dir_fd, 0, FILENAME, wasip1::OFLAGS_TRUNC, wasip1::RIGHTS_FD_READ, 0, 0 ) The root cause is that the clause that considered OpenFlags::TRUNCATE did not set open_mode …
Vantage6 currently provides an initial user with username root and password root. This is not ideal for the following reasons: Attackers know that almost all vantage6 servers have a user with username root that probably has admin rights The initial password is very weak and it is possible that administrators forget to reset it.
Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam sender. Note resetting the MFA token requires a correct password, so the potential impact for this …
Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected.
Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected.
Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected.
This advisory has been marked as a false positive.
This advisory has been marked as a false positive.
This advisory has been marked as a false positive.
This advisory has been marked as False Positive and has been removed.
After an API Token exposure from an exploited trivy dependency, two new releases of litellm were uploaded to PyPI containing automatically activated malware, harvesting sensitive credentials and files, and exfiltrating to a remote API. Anyone who has installed and run the project should assume any credentials available to litellm environment may have been exposed, and revoke/rotate thema ccordingly.