gitlab
1,423 tracked vulnerabilities.
CVE-2024-10043
LOW
GitLab EE <17.4.6-17.6.2 - Info Disclosure
Dec 12, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-10240
MEDIUM
GitLab EE <17.3.7-17.5.2 - Info Disclosure
Nov 26, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-8237
MEDIUM
GitLab CE/EE <12.6-17.4.5, <17.5-17.5.3, <17.6-17.6.1 - DoS
Nov 26, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-8177
MEDIUM
GitLab CE/EE <17.4.5/<17.5.3/<17.6.1 - DoS
Nov 26, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-8114
HIGH
GitLab CE/EE <17.4.5-17.6.1 - Privilege Escalation
Nov 26, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-11828
MEDIUM
GitLab 13.2.4-17.4.4, 17.5-17.5.2, 17.6-17.6.0 - Denial of Service via Crafted API Calls
Nov 26, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-11669
MEDIUM
GitLab CE/EE <17.4.5-17.6.1 - Info Disclosure
Nov 26, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-11668
MEDIUM
GitLab CE/EE <17.4.5-17.6.1 - Auth Bypass
Nov 26, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-9633
LOW
GitLab CE/EE <17.4.2-17.5.4-17.6.2 - Info Disclosure
Nov 14, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-8648
MEDIUM
GitLab 16.0.0-17.3.6, 17.4.0-17.4.3, 17.5.0-17.5.1 - Stored Cross-Site Scripting via Analytics Dashboard URL
Nov 14, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-7404
MEDIUM
GitLab CE/EE <17.3.7-17.5.2 - Privilege Escalation
Nov 14, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-9693
HIGH
GitLab 16.0-17.3.6, 17.4-17.4.3, 17.5-17.5.1 - Incorrect Authorization for Kubernetes Agent Access
Nov 14, 2024
CVSS 8.5
EPSS 0.00
CVE-2024-8180
MEDIUM
GitLab 17.3.0-17.3.6, 17.4.0-17.4.3, 17.5.0-17.5.1 - Cross-Site Scripting via Vulnerability Code Flow
Nov 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-8312
HIGH
GitLab 15.10-17.3.6, 17.4-17.4.3, 17.5-17.5.1 - Cross-Site Scripting via Global Search Field on Diff View
Oct 24, 2024
CVSS 8.7
EPSS 0.00
CVE-2024-6826
MEDIUM
GitLab 11.2-17.3.5 17.4.0-17.4.2 17.5.0 - Denial of Service via Malicious XML Manifest Import
Oct 24, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-9164
CRITICAL
GitLab 12.5.0-17.2.8, 17.3.0-17.3.4, 17.4.0-17.4.1 - Unauthenticated Pipeline Execution on Arbitrary Branches
Oct 11, 2024
CVSS 9.6
EPSS 0.01
CVE-2024-8970
HIGH
GitLab 11.6-17.2.8, 17.3-17.3.4, 17.4-17.4.1 - Incorrect Authorization
Oct 11, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-5005
MEDIUM
GitLab EE/CE <17.2.9-17.4.2 - Info Disclosure
Oct 11, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-6530
HIGH
GitLab <17.2.9/<17.3.5/<17.4.2 - XSS
Oct 10, 2024
CVSS 7.3
EPSS 0.02
CVE-2024-9623
MEDIUM
GitLab 8.16-17.2.8, 17.3-17.3.4, 17.4-17.4.1 - Incorrect Authorization for Deploy Key Push to Archived Repository
Oct 10, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-9596
LOW
GitLab EE <17.2.9, <17.3.5, <17.4.2 - Info Disclosure
Oct 10, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-8977
HIGH
GitLab 15.10-17.2.8, 17.3-17.3.4, 17.4-17.4.1 - Server-Side Request Forgery via Product Analytics Dashboard
Oct 10, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-8974
LOW
GitLab 15.6-17.2.7, 17.3-17.3.3, 17.4-17.4.0 - Unauthenticated Private Project Path Disclosure
Sep 26, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-4099
LOW
GitLab EE <17.2.8-17.3.4-17.4.1 - Info Disclosure
Sep 26, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-4278
MEDIUM
GitLab EE <17.2.8, <17.3.4, <17.4.1 - Info Disclosure
Sep 26, 2024
CVSS 5.5
EPSS 0.00