VYPR
Vendor

Gitpod Io

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-55750MedAug 29, 2025
    risk 0.35cvss 6.5epss 0.00

    Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via…

  • CVE-2024-21583MedJul 19, 2024
    risk 0.20cvss 4.1epss 0.01

    Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/p…

  • CVE-2023-0957Mar 3, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is…

  • CVE-2021-35206Jun 22, 2021
    risk 0.00cvss epss 0.01

    Gitpod before 0.6.0 allows unvalidated redirects.