gitlab

1,383 tracked vulnerabilities.

CVE-2024-10307 MEDIUM
GitLab 12.10-17.8.5, 17.9-17.9.2, 17.10 - Uncontrolled CPU Consumption via Malicious Merge Request File
Mar 28, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-9773 LOW
GitLab 14.9.0-17.8.5, 17.9.0-17.8.2, 17.10.0 - Command Injection via Harbor Registry CLI Integration
Mar 27, 2025
CVSS 3.7
EPSS 0.00
CVE-2024-8402 LOW
GitLab EE <17.7.7-<17.9.2 - Code Injection
Mar 13, 2025
CVSS 3.7
EPSS 0.00
CVE-2024-7296 LOW
GitLab 16.5-17.7.6, 17.8-17.8.4, 17.9-17.9.1 - Incorrect Authorization in Membership Approval
Mar 13, 2025
CVSS 2.7
EPSS 0.00
CVE-2024-13054 MEDIUM
GitLab < 17.7.7, 17.8 < 17.8.5, 17.9 < 17.9.2 - Denial of Service
Mar 13, 2025
CVSS 6.5
EPSS 0.02
CVE-2024-12380 MEDIUM
GitLab 11.5-17.7.6, 17.8-17.8.4, 17.9-17.9.1 - Sensitive Information Exposure in Repository Mirroring Settings
Mar 13, 2025
CVSS 4.4
EPSS 0.00
CVE-2024-10925 MEDIUM
GitLab 16.2-17.7.5, 17.8-17.8.3, 17.9-17.9.0 - Guest User Security Policy YAML Exposure
Mar 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-8186 MEDIUM
GitLab 16.6-17.7.5, 17.8-17.8.3, 17.9 - Cross-Site Scripting via Child Item Search
Mar 03, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-3303 MEDIUM
GitLab EE <17.6.5-17.7.4-17.8.2 - Info Disclosure
Feb 13, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-8266 MEDIUM
GitLab CE/EE <17.6.0 - Privilege Escalation
Feb 13, 2025
CVSS 4.4
EPSS 0.00
CVE-2024-7102 CRITICAL
GitLab CE/EE <17.5.0 - Privilege Escalation
Feb 13, 2025
CVSS 9.6
EPSS 0.00
CVE-2024-9870 MEDIUM
GitLab 15.11-17.6.5, 17.7-17.7.4, 17.8-17.8.2 - Server-Side Request Forgery
Feb 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-12379 MEDIUM
GitLab 14.1-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Denial of Service via Personal Access Token Scopes Parameter
Feb 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-10383 HIGH
GitLab 15.11-17.2 - Stored Cross-Site Scripting in Web IDE via .ipynb File Loading
Feb 07, 2025
CVSS 8.7
EPSS 0.00
CVE-2024-2878 HIGH
GitLab 15.7-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Denial of Service via Crafted Branch Name Search
Feb 05, 2025
CVSS 7.5
EPSS 0.05
CVE-2024-3976 MEDIUM
GitLab CE/EE <16.9.7-16.10.5-16.11.2 - Info Disclosure
Feb 05, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-9631 HIGH
GitLab CE/EE <17.2.9-17.4.2 - Info Disclosure
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-5528 LOW
GitLab CE/EE <16.11.6, <17.0.4, <17.1.2 - SSRF
Feb 05, 2025
CVSS 3.5
EPSS 0.00
CVE-2024-6356 MEDIUM
GitLab 16.0.0-17.0.5, 17.1.0-17.1.3, 17.2.0-17.2.1 - Incorrect User Management
Feb 05, 2025
CVSS 4.4
EPSS 0.00
CVE-2024-1539 MEDIUM
GitLab 15.2-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Missing Authorization for Banned Group Member Issue Update Disclosure
Feb 05, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-1211 MEDIUM
GitLab 10.6-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Cross-Site Request Forgery via JWT OmniAuth Provider
Jan 31, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-11931 MEDIUM
GitLab CE/EE <17.6.4-17.7.3-17.8.1 - Info Disclosure
Jan 24, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-13041 MEDIUM
GitLab CE/EE <17.5.5-17.7.1 - Info Disclosure
Jan 09, 2025
CVSS 4.2
EPSS 0.00
CVE-2024-6324 MEDIUM
GitLab 15.7-17.5.4, 17.6-17.6.2, 17.7 - Denial of Service via Cyclic Epic References
Jan 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-12431 MEDIUM
GitLab 15.5-17.5.4, 17.6-17.6.2, 17.7 - Unauthenticated Issue Status Manipulation in Public Projects
Jan 08, 2025
CVSS 4.3
EPSS 0.00