Known Vulnerabilities for Runner by Gitlab
Listed below are 3 of the newest known vulnerabilities associated with "Runner" by "Gitlab".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-61437 json | PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._r... | Not Provided | 2026-07-10 | 2026-07-14 |
| CVE-2026-58053 json | Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job... | Not Provided | 2026-06-28 | 2026-06-30 |
| CVE-2026-56777 json | n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Cod... | Not Provided | 2026-06-30 | 2026-07-01 |
| CVE-2026-56776 json | n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/{workflowId}/test-runs/new en... | Not Provided | 2026-07-08 | 2026-07-09 |
| CVE-2026-54695 json | Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0,... | Not Provided | 2026-07-09 | 2026-07-10 |
| CVE-2026-54344 json | ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployme... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-54319 json | Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a... | Not Provided | 2026-06-23 | 2026-06-24 |
| CVE-2026-53809 json | OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provide... | Not Provided | 2026-06-11 | 2026-06-11 |
| CVE-2026-49444 json | n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permiss... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-49144 json | BrowserStack Runner through 0.9.5 contains a path traversal vulnerability in the _default HTTP handler in lib/server.js that ... | Not Provided | 2026-06-02 | 2026-07-14 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gitlab | Runner | 9.5.1 | |||
| Application | Gitlab | Runner | 9.5.0 | |||
| Application | Gitlab | Runner | 9.5.0 | |||
| Application | Gitlab | Runner | 9.4.3 | |||
| Application | Gitlab | Runner | 9.4.2 | |||
| Application | Gitlab | Runner | 9.4.1 | |||
| Application | Gitlab | Runner | 9.4.0 | |||
| Application | Gitlab | Runner | 9.4.0 | |||
| Application | Gitlab | Runner | 9.4.0 | |||
| Application | Gitlab | Runner | 9.4.0 | |||
| Application | Gitlab | Runner | 9.3.0 | |||
| Application | Gitlab | Runner | 9.3.0 | |||
| Application | Gitlab | Runner | 9.3.0 | |||
| Application | Gitlab | Runner | 9.2.2 | |||
| Application | Gitlab | Runner | 9.2.1 | |||
| Application | Gitlab | Runner | 9.2.0 | |||
| Application | Gitlab | Runner | 9.2.0 | |||
| Application | Gitlab | Runner | 9.2.0 | |||
| Application | Gitlab | Runner | 9.1.3 | |||
| Application | Gitlab | Runner | 9.1.2 |