| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33990 | Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF) | docker | model-runner | - | - | 2026-04-01 16:17:41 | Deep Dive |
| CVE-2026-32947 | Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier) | step-security | harden-runner | 中危 | - | 2026-03-20 04:03:04 | Deep Dive |
| CVE-2026-32946 | Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier) | step-security | harden-runner | 中危 | - | 2026-03-20 03:58:41 | Deep Dive |
| CVE-2026-28400 | Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint | docker | model-runner | High | 7.5 | 2026-02-27 21:06:12 | Deep Dive |
| CVE-2026-25598 | Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier) | step-security | harden-runner | - | - | 2026-02-09 18:58:57 | Deep Dive |
| CVE-2025-67625 | WordPress Trade Runner plugin <= 3.14 - Cross Site Request Forgery (CSRF) vulnerability | tmtraderunner | Trade Runner | Medium | 4.3 | 2025-12-24 13:10:23 | Deep Dive |
| CVE-2025-64142 | Jenkins plugin Nexus Task Runner 安全漏洞 | Jenkins Project | Jenkins Nexus Task Runner Plugin | - | - | 2025-10-29 13:29:47 | Deep Dive |
| CVE-2025-64141 | Jenkins Nexus Task Runner Plugin 安全漏洞 | Jenkins Project | Jenkins Nexus Task Runner Plugin | - | - | 2025-10-29 13:29:46 | Deep Dive |
| CVE-2025-64135 | Jenkins plugin Eggplant Runner 安全漏洞 | Jenkins Project | Jenkins Eggplant Runner Plugin | - | - | 2025-10-29 13:29:42 | Deep Dive |
| CVE-2025-27446 | Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges | Apache Software Foundation | Apache APISIX Java Plugin Runner | 中危 | - | 2025-07-06 06:05:15 | Deep Dive |
| CVE-2025-32955 | Harden-Runner Evasion of 'disable-sudo' policy | step-security | harden-runner | Medium | 6.0 | 2025-04-21 20:45:58 | Deep Dive |
| CVE-2024-52587 | Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts` | step-security | harden-runner | 低危 | - | 2024-11-18 22:03:16 | Deep Dive |
| CVE-2022-2251 | GitLab 操作系统命令注入漏洞 | GitLab | GitLab Runner | Medium | 4.8 | 2023-01-17 00:00:00 | Deep Dive |
| CVE-2022-39321 | GitHub Actions Runner vulnerable to Docker Command Escaping | actions | runner | High | 8.8 | 2022-10-25 00:00:00 | Deep Dive |
| CVE-2021-4041 | Ansible-Runner 操作系统命令注入漏洞 | - | ansible-runner | 高危 | - | 2022-08-24 15:11:13 | Deep Dive |
| CVE-2021-3702 | Ansible Runner 竞争条件问题漏洞 | - | ansible-runner | 中危 | - | 2022-08-23 15:51:01 | Deep Dive |
| CVE-2021-3701 | Ansible Runner 安全漏洞 | - | ansible-runner | 中危 | - | 2022-08-23 15:50:47 | Deep Dive |
| CVE-2021-39947 | GitLab 信息泄露漏洞 | GitLab | GitLab Runner | Medium | 5.3 | 2022-06-06 16:48:14 | Deep Dive |
| CVE-2022-0437 | Cross-site Scripting (XSS) - DOM in karma-runner/karma | karma-runner | karma-runner/karma | 中危 | - | 2022-02-05 01:50:10 | Deep Dive |
| CVE-2021-39939 | GitLab 资源管理错误漏洞 | GitLab | GitLab Runner | Medium | 6.5 | 2021-12-13 15:48:02 | Deep Dive |