GitLab

1,383 tracked vulnerabilities.

CVE-2024-6385 CRITICAL
GitLab CE/EE <16.11.6-17.1.2 - Privilege Escalation
Jul 11, 2024
CVSS 9.6
EPSS 0.01
CVE-2024-5470 LOW
GitLab 17.0-17.0.4 and 17.1-17.1.2 - Improper Access Control via Deploy Token Creation
Jul 11, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-5257 MEDIUM
GitLab 17.0-17.0.4 and 17.1-17.1.2 - Improper Access Control via Group Namespace URL Modification
Jul 11, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-2880 LOW
GitLab 16.5-16.11.5, 17.0-17.0.3, 17.1-17.1.1 - Improper Access Control
Jul 11, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-2177 MEDIUM
GitLab 16.3-16.11.5, 17.0-17.0.3, 17.1-17.1.1 - Cross Window Forgery via OAuth Authentication Flow
Jul 09, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-6323 HIGH
GitLab EE <16.11.5, <17.0.3, <17.1.1 - Info Disclosure
Jun 27, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-5655 CRITICAL
GitLab CE/EE <16.11.5-17.1.1 - Privilege Escalation
Jun 27, 2024
CVSS 9.6
EPSS 0.02
CVE-2024-5430 MEDIUM
GitLab 16.10-16.11.4, 17.0-17.0.2, 17.1 - Improper Access Control via GraphQL
Jun 27, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-4901 HIGH
GitLab 16.9-16.11.4, 17.0-17.0.2, 17.1 - Stored Cross-Site Scripting via Malicious Commit Notes
Jun 27, 2024
CVSS 8.7
EPSS 0.05
CVE-2024-4557 MEDIUM
GitLab < 16.11.5, 17.0 < 17.0.3, 17.1 < 17.1.1 - Denial of Service via Banzai Pipeline
Jun 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-4011 LOW
GitLab CE/EE <16.11.5-17.1.1 - Info Disclosure
Jun 27, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-3959 MEDIUM
GitLab 16.7-16.11.4, 17.0-17.0.2, 17.1 - Unauthenticated Private Job Artifact Access
Jun 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-3115 MEDIUM
GitLab EE <16.11.5-17.1.1 - Info Disclosure
Jun 27, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-2191 MEDIUM
GitLab CE/EE <16.11.5-17.1.1 - Info Disclosure
Jun 27, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-1816 MEDIUM
GitLab 12.0-16.11.4, 17.0-17.0.2, 17.1 - Denial of Service via Crafted OpenAPI File
Jun 27, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-1493 MEDIUM
GitLab 9.2.0-16.11.4, 17.0.0-17.0.2, 17.1.0 - Denial of Service via Dependency File Link Processing
Jun 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-5469 LOW
GitLab 16.10.0-16.10.5 and 16.11.0-16.11.2 - Denial of Service via Crafted gRPC Requests
Jun 14, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-4201 MEDIUM
GitLab <16.10.7, <16.11, <17.0.2 - XSS
Jun 12, 2024
CVSS 4.4
EPSS 0.01
CVE-2024-1963 MEDIUM
GitLab 8.4-16.10.6, 16.11-16.11.3, 17.0-17.0.1 - Regular Expression Denial of Service via Asana Integration
Jun 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-1736 MEDIUM
GitLab < 16.10.7, 16.11-16.11.4, 17.0-17.0.2 - Denial of Service via CI/CD Pipeline Editor
Jun 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-1495 MEDIUM
GitLab 13.1-16.10.6, 16.11-16.11.3, 17.0-17.0.1 - Denial of Service via Maliciously Crafted File
Jun 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-5318 MEDIUM
GitLab CE/EE <16.10.6/<16.11.3/<17.0.1 - Info Disclosure
May 24, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-5258 MEDIUM
GitLab 16.10-16.10.5, 16.11-16.11.2, 17.0 - Authenticated Authorization Bypass via Pipeline Naming Convention
May 23, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-1947 MEDIUM
GitLab 13.2.4-16.10.5, 16.11-16.11.2, 17.0 - Denial of Service via Crafted API Calls
May 23, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-4835 HIGH
GitLab 15.11-16.10.5, 16.11-16.11.2, 17.0 - Cross-Site Scripting
May 23, 2024
CVSS 8.0
EPSS 0.07