gitlab
1,423 tracked vulnerabilities.
CVE-2024-7102
CRITICAL
GitLab CE/EE <17.5.0 - Privilege Escalation
Feb 13, 2025
CVSS 9.6
EPSS 0.00
CVE-2024-9870
MEDIUM
GitLab 15.11-17.6.5, 17.7-17.7.4, 17.8-17.8.2 - Server-Side Request Forgery
Feb 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-12379
MEDIUM
GitLab 14.1-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Denial of Service via Personal Access Token Scopes Parameter
Feb 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-10383
HIGH
GitLab 15.11-17.2 - Stored Cross-Site Scripting in Web IDE via .ipynb File Loading
Feb 07, 2025
CVSS 8.7
EPSS 0.00
CVE-2024-2878
HIGH
GitLab 15.7-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Denial of Service via Crafted Branch Name Search
Feb 05, 2025
CVSS 7.5
EPSS 0.18
CVE-2024-3976
MEDIUM
GitLab CE/EE <16.9.7-16.10.5-16.11.2 - Info Disclosure
Feb 05, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-9631
HIGH
GitLab CE/EE <17.2.9-17.4.2 - Info Disclosure
Feb 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-5528
LOW
GitLab CE/EE <16.11.6, <17.0.4, <17.1.2 - SSRF
Feb 05, 2025
CVSS 3.5
EPSS 0.00
CVE-2024-6356
MEDIUM
GitLab 16.0.0-17.0.5 17.1.0-17.1.3 17.2.0-17.2.1 - Incorrect User Management
Feb 05, 2025
CVSS 4.4
EPSS 0.00
CVE-2024-1539
MEDIUM
GitLab 15.2-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Missing Authorization for Banned Group Member Issue Update Disclosure
Feb 05, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-1211
MEDIUM
GitLab 10.6-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Cross-Site Request Forgery via JWT OmniAuth Provider
Jan 31, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-11931
MEDIUM
GitLab CE/EE <17.6.4-17.7.3-17.8.1 - Info Disclosure
Jan 24, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-13041
MEDIUM
GitLab CE/EE <17.5.5-17.7.1 - Info Disclosure
Jan 09, 2025
CVSS 4.2
EPSS 0.00
CVE-2024-6324
MEDIUM
GitLab 15.7-17.5.4, 17.6-17.6.2, 17.7 - Denial of Service via Cyclic Epic References
Jan 09, 2025
CVSS 4.3
EPSS 0.01
CVE-2024-12431
MEDIUM
GitLab 15.5-17.5.4, 17.6-17.6.2, 17.7 - Unauthenticated Issue Status Manipulation in Public Projects
Jan 08, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-8650
MEDIUM
GitLab CE/EE <17.4.6-17.6.2 - Info Disclosure
Dec 16, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-8116
MEDIUM
GitLab CE/EE <17.4.6-17.6.2 - Info Disclosure
Dec 16, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-9387
MEDIUM
GitLab 11.8-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Open Redirect via Releases API Endpoint
Dec 12, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-9367
MEDIUM
GitLab 13.9-17.4.5 17.5-17.5.3 17.6-17.6.1 - Denial of Service via Changelog Template Parsing
Dec 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-8647
MEDIUM
GitLab 15.2-17.4.6, 17.5 < 17.5.4, 17.6 < 17.6.2 - Anti-CSRF Token Leak via Harbor Integration
Dec 12, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-8233
HIGH
GitLab 9.4.0-17.4.5, 17.5.0-17.5.3, 17.6.0-17.6.1 - Denial of Service via Diff File Requests
Dec 12, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-8179
MEDIUM
GitLab 17.3-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Cross-Site Scripting when CSP Disabled
Dec 12, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-12570
MEDIUM
GitLab CE/EE <17.4.6-17.5.4-17.6.2 - Info Disclosure
Dec 12, 2024
CVSS 6.7
EPSS 0.00
CVE-2024-12292
MEDIUM
GitLab 11.0-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Sensitive Information Disclosure in GraphQL Logs
Dec 12, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-11274
HIGH
GitLab 16.1-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Session Data Exfiltration via NEL Header Injection in k8s Proxy Response
Dec 12, 2024
CVSS 8.7
EPSS 0.00