Nixpkgs security tracker
3.5 LOW
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): NONE
Activity log
- Created suggestion
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles.
References
Affected products
- <18.8.4
- <18.7.4
- <18.6.6
Matching in nixpkgs
pkgs.gitlab
GitLab Community Edition
pkgs.gitlab-ee
GitLab Enterprise Edition
pkgs.gitlab-duo
CLI for GitLab AI assistant
pkgs.gitlab-kas
Kubernetes Agent (Gitlab side)
pkgs.gitlab-ci-ls
GitLab CI Language Server (gitlab-ci-ls)
pkgs.gitlab-pages
Daemon used to serve static websites for GitLab users
pkgs.gitlab-shell
SSH access and repository management app for GitLab
pkgs.danger-gitlab
Gem that exists to ensure all dependencies are set up for Danger with GitLab
pkgs.gitlab-clippy
Convert clippy warnings into GitLab Code Quality report
pkgs.gitlab-runner
GitLab Runner the continuous integration executor of GitLab
pkgs.gitlab-triage
GitLab's issues and merge requests triage, automated
pkgs.gitlab-ci-local
Run gitlab pipelines locally as shell executor or docker executor
pkgs.gitlab-timelogs
CLI utility to support you with your time logs in GitLab
pkgs.gitlab-ci-linter
.gitlab-ci.yml lint helper tool
pkgs.gitlab-workhorse
None
pkgs.gitlab-release-cli
Toolset to create, retrieve and update releases on GitLab
pkgs.ocamlPackages.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.vimPlugins.gitlab-vim
Integrate GitLab Duo with Neovim
pkgs.gitlab-container-registry
GitLab Docker toolset to pack, ship, store, and deliver content
pkgs.ocamlPackages.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages.gitlab-unix
Gitlab APIv4 Unix library
pkgs.rubyPackages.gitlab-markup
None
-
nixos-25.11 2.0.0
pkgs.terraform-providers.gitlab
None
-
nixos-unstable 18.2.0
pkgs.ocamlPackages_latest.gitlab
Native OCaml bindings to Gitlab REST API v4
pkgs.gitlab-elasticsearch-indexer
Indexes Git repositories into Elasticsearch for GitLab
pkgs.haskellPackages.gitlab-haskell
A Haskell library for the GitLab web API
pkgs.rubyPackages_3_1.gitlab-markup
None
-
nixos-unstable 2.0.0
pkgs.rubyPackages_3_2.gitlab-markup
None
-
nixos-unstable 2.0.0
pkgs.rubyPackages_3_3.gitlab-markup
None
pkgs.rubyPackages_3_4.gitlab-markup
None
pkgs.rubyPackages_3_5.gitlab-markup
None
-
nixos-25.11 -
- nixpkgs-25.11-darwin 2.0.0
pkgs.rubyPackages_4_0.gitlab-markup
None
-
nixos-25.11 2.0.0
pkgs.python312Packages.mkdocs-gitlab
MkDocs plugin to transform strings such as #1234, %56, or !789 into links to a Gitlab repository
-
nixos-unstable 0.1.4
pkgs.python312Packages.python-gitlab
Interact with GitLab API
-
nixos-unstable 6.1.0
pkgs.python313Packages.mkdocs-gitlab
MkDocs plugin to transform strings such as #1234, %56, or !789 into links to a Gitlab repository
pkgs.python313Packages.python-gitlab
Interact with GitLab API
pkgs.python314Packages.mkdocs-gitlab
MkDocs plugin to transform strings into links to a Gitlab repository
pkgs.python314Packages.python-gitlab
Interact with GitLab API
pkgs.ocamlPackages_latest.gitlab-jsoo
Gitlab APIv4 JavaScript library
pkgs.ocamlPackages_latest.gitlab-unix
Gitlab APIv4 Unix library
pkgs.terraform-providers.gitlabhq_gitlab
None
pkgs.prometheus-gitlab-ci-pipelines-exporter
Prometheus / OpenMetrics exporter for GitLab CI pipelines insights
pkgs.vscode-extensions.gitlab.gitlab-workflow
GitLab extension for Visual Studio Code
pkgs.perlPackages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
pkgs.perl5Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
-
nixos-unstable -
- nixpkgs-unstable 0.01
pkgs.perl538Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
-
nixos-unstable 0.01
pkgs.perl540Packages.AlienBuildPluginDownloadGitLab
Alien::Build plugin to download from GitLab
Package maintainers
-
@balsoft Alexander Bantyev <balsoft75@gmail.com>
-
@yayayayaka Yaya <github@uwu.is>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@leona-ya Leona Maroni <nix@leona.is>
-
@globin Robin Gloster <mail@glob.in>
-
@krav Kristoffer Thømt Ravneberg <kristoffer@microdisko.no>
-
@pineapplehunter Shogo Takata <peshogo+nixpkgs@gmail.com>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@wucke13 Wucke <wucke13@gmail.com>
-
@xanderio Alexander Sieg <alex@xanderio.de>
-
@snue Stefan Nuernberger <kabelfrickler@gmail.com>
-
@blitz Julian Stecklina <js@alien8.de>
-
@kilimnik Daniel Kilimnik <mail@kilimnik.de>
-
@zimbatm zimbatm <zimbatm@zimbatm.com>
-
@phip1611 Philipp Schuster <phip1611@gmail.com>
-
@mvisonneau Maxime VISONNEAU <maxime@visonneau.fr>
-
@mmahut Marek Mahut <marek.mahut@gmail.com>
-
@snpschaaf Philippe Schaaf <philipe.schaaf@secunet.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@caniko Can H. Tartanoglu <gpg@rotas.mozmail.com>
-
@zazedd Leonardo Santos <leomendesantos@gmail.com>
-
@yajo Jairo Llopis <yajo.sk8@gmail.com>