gitlab
1,383 tracked vulnerabilities.
CVE-2025-0555
HIGH
GitLab-EE <17.7.6, <17.8.4, <17.9.1 - XSS
Mar 03, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-0475
HIGH
GitLab 15.10-17.7.5, 17.8-17.8.3, 17.9 - Cross-Site Scripting via Proxy Feature
Mar 03, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-1198
MEDIUM
GitLab 16.11-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Insufficient Session Expiration via ActionCable
Feb 13, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-0516
MEDIUM
GitLab CE/EE <17.7.4-17.8.2 - Privilege Escalation
Feb 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1212
MEDIUM
GitLab CE/EE <17.6.5-17.8.2 - Info Disclosure
Feb 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1042
MEDIUM
GitLab EE <17.6.5-17.8.2 - Info Disclosure
Feb 12, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-0376
HIGH
GitLab 13.3-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Cross-Site Scripting via Change Page
Feb 12, 2025
CVSS 8.7
EPSS 0.03
CVE-2025-1072
MEDIUM
GitLab 7.14.1-17.3.6, 17.4-17.4.3, 17.5-17.5.1 - Denial of Service via Fogbugz Import
Feb 07, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0290
MEDIUM
GitLab CE/EE <17.5.5-17.7.1 - Info Disclosure
Jan 28, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-0314
HIGH
GitLab 17.2-17.6.3, 17.7-17.7.2, 17.8 - Cross-Site Scripting via File Rendering
Jan 24, 2025
CVSS 8.7
EPSS 0.08
CVE-2025-0194
MEDIUM
GitLab CE/EE <17.5.5-17.7.1 - Info Disclosure
Jan 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-9183
HIGH
GitLab 18.4-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Credential Theft via TOCTOU Race Condition
Dec 05, 2025
CVSS 7.7
EPSS 0.00
CVE-2024-12303
MEDIUM
GitLab 17.7-18.0.5, 18.1-18.1.3, 18.2-18.2.1 - Authenticated Incorrect Privilege Assignment via User Invitation
Aug 13, 2025
CVSS 6.7
EPSS 0.00
CVE-2024-10219
MEDIUM
GitLab CE/EE <18.0.6-18.2.2 - Auth Bypass
Aug 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-4994
HIGH
GitLab CE/EE <16.11.5 & <17.0.3 & <17.1.1 - CSRF
Jun 20, 2025
CVSS 8.1
EPSS 0.00
CVE-2024-4025
MEDIUM
GitLab 7.10-16.11.4, 17.0-17.0.2, 17.1 - Denial of Service via Crafted Markdown Page
Jun 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-7586
MEDIUM
GitLab 17.0-17.0.6, 17.1-17.1.4, 17.2-17.2.2 - Sensitive Information Exposure in Webhook Deletion Audit Log
Jun 20, 2025
CVSS 4.1
EPSS 0.00
CVE-2024-9512
MEDIUM
GitLab < 17.10.8, 17.11 < 17.11.4, 18.0 < 18.0.2 - Unauthenticated Repository Cloning via Race Condition
Jun 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-9163
LOW
GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure
May 23, 2025
CVSS 3.5
EPSS 0.00
CVE-2024-7803
MEDIUM
GitLab 11.6-17.10.6, 17.11-17.11.2, 18.0 - Denial of Service via Discord Webhook Integration
May 23, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-12093
MEDIUM
GitLab 11.1-17.10.6, 17.11-17.11.2, 18.0 - Two-Factor Authentication Bypass via SAML Response XPath Validation
May 22, 2025
CVSS 6.8
EPSS 0.00
CVE-2024-8973
MEDIUM
GitLab 17.1-17.9.7, 17.10-17.10.5, 17.11-17.11.1 - Denial of Service via GitHub Import Request
May 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-12244
MEDIUM
GitLab 17.7-17.9.6, 17.10-17.10.4, 17.11 - Missing Authorization
Apr 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-11129
MEDIUM
GitLab 17.1-17.8.6, 17.9-17.9.5, 17.10-17.10.3 - Information Disclosure via Issue Search
Apr 10, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-12619
MEDIUM
GitLab CE/EE <17.8.6-17.10.1 - Privilege Escalation
Mar 28, 2025
CVSS 5.2
EPSS 0.00