gitlab
1,383 tracked vulnerabilities.
| CVE | Severity | Title | Published | CVSS | EPSS | Tags |
|---|---|---|---|---|---|---|
| CVE-2024-4612 | MEDIUM | GitLab 12.9.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Open Redirect via OAuth Flow | Sep 12, 2024 | 6.4 | 0.00 | |
| CVE-2024-2743 | MEDIUM | GitLab 13.3-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Incorrect Authorization in On-Demand DAST Scan | Sep 12, 2024 | 5.3 | 0.00 | |
| CVE-2024-45409 | CRITICAL | ruby-saml <=1.12.2 and 1.13.0-1.16.0 - Unauthenticated SAML Signature Verification Bypass | Sep 10, 2024 | 10.0 | 0.45 | NUCLEI |
| CVE-2024-8041 | MEDIUM | GitLab < 17.1.6, 17.2 < 17.2.4, 17.3 < 17.3.1 - Denial of Service via GitHub Importer | Aug 22, 2024 | 6.5 | 0.00 | |
| CVE-2024-7110 | MEDIUM | GitLab 17.0-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Command Injection via Prompt Injection | Aug 22, 2024 | 6.4 | 0.00 | |
| CVE-2024-6502 | MEDIUM | GitLab CE/EE <17.1.6-17.2.4-17.3.1 - Info Disclosure | Aug 22, 2024 | 5.7 | 0.00 | |
| CVE-2024-3127 | MEDIUM | GitLab EE <17.1.6-17.2.4-17.3.1 - Auth Bypass | Aug 22, 2024 | 4.3 | 0.00 | |
| CVE-2024-7610 | MEDIUM | GitLab 15.9-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Elasticsearch Result Parsing | Aug 08, 2024 | 4.3 | 0.00 | |
| CVE-2024-7554 | MEDIUM | GitLab 13.9-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Exposure of Sensitive Information via API Request Logging | Aug 08, 2024 | 4.9 | 0.00 | |
| CVE-2024-5423 | MEDIUM | GitLab < 17.0.6, 17.1 < 17.1.4, 17.2 < 17.2.2 - Denial of Service via Banzai Pipeline | Aug 08, 2024 | 6.5 | 0.00 | |
| CVE-2024-4207 | MEDIUM | GitLab 5.1-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Cross-Site Scripting via XML File Rendering | Aug 08, 2024 | 4.4 | 0.01 | |
| CVE-2024-3958 | MEDIUM | GitLab < 17.0.6, 17.1 < 17.1.4, 17.2 < 17.2.2 - Code Injection via Repository Display Discrepancy | Aug 08, 2024 | 5.3 | 0.00 | |
| CVE-2024-3114 | MEDIUM | GitLab 11.10-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Invalid Commit Parsing | Aug 08, 2024 | 4.3 | 0.00 | |
| CVE-2024-3035 | MEDIUM | GitLab 8.12-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Authorization Bypass via LFS Token | Aug 08, 2024 | 6.8 | 0.00 | |
| CVE-2024-2800 | MEDIUM | GitLab 11.3.0-17.0.5, 17.1.0-17.1.3, 17.2.0-17.2.1 - Denial of Service via RefMatcher Regex Backtracking | Aug 08, 2024 | 6.5 | 0.00 | |
| CVE-2024-6329 | MEDIUM | GitLab CE/EE <17.0.6-17.2.2 - Info Disclosure | Aug 08, 2024 | 5.7 | 0.00 | |
| CVE-2024-4784 | MEDIUM | GitLab EE <17.0.6-17.2.2 - Auth Bypass | Aug 08, 2024 | 4.2 | 0.00 | |
| CVE-2024-4210 | MEDIUM | GitLab 12.6-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Crafted Adoc Files | Aug 08, 2024 | 6.5 | 0.00 | |
| CVE-2024-7057 | MEDIUM | GitLab 16.7-17.0.4, 17.1-17.1.2, 17.2 - Information Disclosure via Job Artifacts | Jul 25, 2024 | 4.3 | 0.00 | |
| CVE-2024-7047 | HIGH | GitLab 16.6-17.0.4, 17.1-17.1.2, 17.2 - Cross-Site Scripting | Jul 25, 2024 | 7.7 | 0.00 | |
| CVE-2024-7091 | MEDIUM | GitLab 15.6-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Information Disclosure via Exported Group or Project | Jul 24, 2024 | 4.1 | 0.00 | |
| CVE-2024-7060 | LOW | GitLab 15.4-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Information Disclosure in Project/Group Exports | Jul 24, 2024 | 2.6 | 0.00 | |
| CVE-2024-5067 | MEDIUM | GitLab 16.11-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Exposure of Project Analytics Settings | Jul 24, 2024 | 4.4 | 0.00 | |
| CVE-2024-0231 | LOW | GitLab 12.0-17.0.4, 17.1-17.1.2, 17.2 - Resource Misdirection via Repository Import | Jul 24, 2024 | 2.7 | 0.00 | |
| CVE-2024-6595 | LOW | GitLab CE/EE <16.11.6/<17.0.4/<17.1.2 - Info Disclosure | Jul 17, 2024 | 3.0 | 0.00 | |