I pointed my CVE pipeline at 1,500 GitLab servers. It found 31 vulns

Name: I pointed my CVE pipeline at 1,500 GitLab servers. It found 31 vulns
Availability: InStock
Author: valeriobaudo

by valeriobaudo·Mar 24, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●●BangerWizardryBig BrainDark Horse

AI writes and validates its own CVE exploits nightly, finding 31 verified vulnerabilities.

Strengths

•Docker validation loop ensures AI-generated checks work before scanning production targets.
•Fingerprinting prevents noisy, irrelevant payload delivery to mismatched tech stacks.
•Nightly autonomous cadence drastically reduces time-to-detection for new CVE disclosures.

Weaknesses

•Scanning public IPs without explicit permission raises significant legal and ethical red flags.
•Future-dated CVEs in the blog post text raise questions about data validity.

Similar Projects

Developer Tools●●Solid

Fishline – A lightweight pipeline queue for Go

Simple webhook-to-command bridge, but Woodpecker and Drone already do this with more flexibility.

Ship ItNiche Gem

hyvr_official

203mo ago

Developer Tools●●Solid

Opal – run GitLab pipelines locally using Apple container

Apple Container CLI integration makes local GitLab CI actually fast on MacOS.

Big BrainNiche Gem

pi-victor

202mo ago

Security●●Solid

MCPShield – Supply chain security scanner for MCP servers

Think “Snyk for MCP configs”: Levenshtein-based typosquat detection, CVE lookups, hardcoded-credential scans and permission checks, plus CI-friendly exit codes. Auto-discovery for clients like Claude, Cursor and VS Code shows practical attention to workflows. It’s an early release — the value hinges on maintaining the package/CVE databases and tuning detection heuristics.

Niche GemShip It

ethanmizrahi

133mo ago

Security●●Solid