OSV - Open Source Vulnerabilities

BIT-envoy-gateway-2026-22771

Bitnami/envoy-gateway

Envoy Extension Policy lua scripts injection causes arbitrary command execution

3 hours ago

Fix available
Severity - 8.8 (High)

BIT-appsmith-2026-22794

Bitnami/appsmith

Account Takeover Vulnerability in Appsmith

4 hours ago

Fix available
Severity - 9.6 (Critical)

BIT-mastodon-2026-22246

Bitnami/mastodon

Local Mastodon users can enumerate and access severed relationships of every other local user

yesterday

Fix available
Severity - 6.5 (Medium)

BIT-mastodon-2026-22245

Bitnami/mastodon

Mastodon has SSRF Protection bypass

yesterday

Fix available
Severity - 7.1 (High)

BIT-gitlab-2025-9222

Bitnami/gitlab

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

yesterday

Fix available
Severity - 8.7 (High)

BIT-gitlab-2025-3950

Bitnami/gitlab

Exposure of Private Personal Information to an Unauthorized Actor in GitLab

yesterday

Fix available
Severity - 3.5 (Low)

BIT-gitlab-2025-13781

Bitnami/gitlab

Missing Authorization in GitLab

yesterday

Fix available
Severity - 6.5 (Medium)

BIT-gitlab-2025-13772

Bitnami/gitlab

Missing Authorization in GitLab

yesterday

Fix available
Severity - 7.1 (High)

BIT-gitlab-2025-13761

Bitnami/gitlab

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

yesterday

Fix available
Severity - 8.0 (High)

BIT-gitlab-2025-11246

Bitnami/gitlab

Insufficient Granularity of Access Control in GitLab

yesterday

Fix available
Severity - 5.4 (Medium)

BIT-gitlab-2025-10569

Bitnami/gitlab

Allocation of Resources Without Limits or Throttling in GitLab

yesterday

Fix available
Severity - 6.5 (Medium)

BIT-virtualenv-2026-22702

Bitnami/virtualenv

virtualenv Has TOCTOU Vulnerabilities in Directory Creation

yesterday

Fix available
Severity - 4.5 (Medium)

BIT-ghost-2026-22597

Bitnami/ghost

Ghost has SSRF via External Media Inliner

yesterday

Fix available
Severity - 5.1 (Medium)

BIT-ghost-2026-22596

Bitnami/ghost

Ghost has SQL Injection in Members Activity Feed

yesterday

Fix available
Severity - 6.7 (Medium)

BIT-ghost-2026-22595

Bitnami/ghost

Ghost has Staff Token permission bypass

yesterday

Fix available
Severity - 8.1 (High)

BIT-ghost-2026-22594

Bitnami/ghost

Ghost has Staff 2FA bypass

yesterday

Fix available
Severity - 8.1 (High)