VYPR

apk package

chainguard/gitlab-runner-helper-18.1

pkg:apk/chainguard/gitlab-runner-helper-18.1

Vulnerabilities (13)

  • CVE-2025-47906 (Sep 18, 2025)
    affected < 18.1.3-r2, fixed 18.1.3-r2

    If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

  • CVE-2025-2246 (Aug 27, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API.

  • CVE-2025-3601 (Aug 27, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessive

  • CVE-2025-4225 (Aug 27, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by

  • CVE-2025-5101 (Aug 27, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taki

  • CVE-2024-12303 (Aug 13, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential

  • CVE-2025-1477 (Aug 13, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integr

  • CVE-2025-2614 (Aug 13, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessi

  • CVE-2025-2937 (Aug 13, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki f

  • CVE-2025-6186 (Aug 13, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names.

  • CVE-2025-7734 (Aug 13, 2025)
    affected < 18.1.3-r1, fixed 18.1.3-r1

    An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.

  • CVE-2025-47907 (Aug 7, 2025)
    affected < 0, fixed 0

    Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex

  • CVE-2024-36623 (Nov 29, 2024)
    affected < 0, fixed 0

    moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes.