gitlab

1,423 tracked vulnerabilities.

CVE-2025-0194 MEDIUM
GitLab CE/EE <17.5.5-17.7.1 - Info Disclosure
Jan 08, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-9183 HIGH
GitLab 18.4-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Credential Theft via TOCTOU Race Condition
Dec 05, 2025
CVSS 7.7
EPSS 0.00
CVE-2024-12303 MEDIUM
GitLab 17.7-18.0.5, 18.1-18.1.3, 18.2-18.2.1 - Authenticated Incorrect Privilege Assignment via User Invitation
Aug 13, 2025
CVSS 6.7
EPSS 0.00
CVE-2024-10219 MEDIUM
GitLab CE/EE <18.0.6-18.2.2 - Auth Bypass
Aug 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-4994 HIGH
GitLab CE/EE <16.11.5 & <17.0.3 & <17.1.1 - CSRF
Jun 20, 2025
CVSS 8.1
EPSS 0.00
CVE-2024-4025 MEDIUM
GitLab 7.10-16.11.4, 17.0-17.0.2, 17.1 - Denial of Service via Crafted Markdown Page
Jun 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-7586 MEDIUM
GitLab 17.0-17.0.6, 17.1-17.1.4, 17.2-17.2.2 - Sensitive Information Exposure in Webhook Deletion Audit Log
Jun 20, 2025
CVSS 4.1
EPSS 0.00
CVE-2024-9512 MEDIUM
GitLab < 17.10.8, 17.11 < 17.11.4, 18.0 < 18.0.2 - Unauthenticated Repository Cloning via Race Condition
Jun 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-9163 LOW
GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure
May 23, 2025
CVSS 3.5
EPSS 0.00
CVE-2024-7803 MEDIUM
GitLab 11.6-17.10.6, 17.11-17.11.2, 18.0 - Denial of Service via Discord Webhook Integration
May 23, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-12093 MEDIUM
GitLab 11.1-17.10.6 17.11-17.11.2 18.0 - Two-Factor Authentication Bypass via SAML Response XPath Validation
May 22, 2025
CVSS 6.8
EPSS 0.00
CVE-2024-8973 MEDIUM
GitLab 17.1-17.9.7, 17.10-17.10.5, 17.11-17.11.1 - Denial of Service via GitHub Import Request
May 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-12244 MEDIUM
GitLab 17.7-17.9.6, 17.10-17.10.4, 17.11 - Missing Authorization
Apr 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-11129 MEDIUM
GitLab 17.1-17.8.6 17.9-17.9.5 17.10-17.10.3 - Information Disclosure via Issue Search
Apr 10, 2025
CVSS 6.3
EPSS 0.00
CVE-2024-12619 MEDIUM
GitLab CE/EE <17.8.6-17.10.1 - Privilege Escalation
Mar 28, 2025
CVSS 5.2
EPSS 0.00
CVE-2024-10307 MEDIUM
GitLab 12.10-17.8.5, 17.9-17.9.2, 17.10 - Uncontrolled CPU Consumption via Malicious Merge Request File
Mar 28, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-9773 LOW
GitLab 14.9.0-17.8.5, 17.9.0-17.8.2, 17.10.0 - Command Injection via Harbor Registry CLI Integration
Mar 27, 2025
CVSS 3.7
EPSS 0.00
CVE-2024-8402 LOW
GitLab EE <17.7.7-<17.9.2 - Code Injection
Mar 13, 2025
CVSS 3.7
EPSS 0.00
CVE-2024-7296 LOW
GitLab 16.5-17.7.6, 17.8-17.8.4, 17.9-17.9.1 - Incorrect Authorization in Membership Approval
Mar 13, 2025
CVSS 2.7
EPSS 0.00
CVE-2024-13054 MEDIUM
GitLab < 17.7.7, 17.8 < 17.8.5, 17.9 < 17.9.2 - Denial of Service
Mar 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-12380 MEDIUM
GitLab 11.5-17.7.6, 17.8-17.8.4, 17.9-17.9.1 - Sensitive Information Exposure in Repository Mirroring Settings
Mar 13, 2025
CVSS 4.4
EPSS 0.01
CVE-2024-10925 MEDIUM
GitLab 16.2-17.7.5, 17.8-17.8.3, 17.9-17.9.0 - Guest User Security Policy YAML Exposure
Mar 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-8186 MEDIUM
GitLab 16.6-17.7.5, 17.8-17.8.3, 17.9 - Cross-Site Scripting via Child Item Search
Mar 03, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-3303 MEDIUM
GitLab EE <17.6.5-17.7.4-17.8.2 - Info Disclosure
Feb 13, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-8266 MEDIUM
GitLab CE/EE <17.6.0 - Privilege Escalation
Feb 13, 2025
CVSS 4.4
EPSS 0.00