gitlab
1,423 tracked vulnerabilities.
CVE-2024-6685
LOW
GitLab CE/EE <17.1.7-17.3.2 - Info Disclosure
Sep 16, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-4283
MEDIUM
GitLab EE <17.1.7-17.3.2 - Open Redirect
Sep 16, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-8641
MEDIUM
GitLab CE/EE <17.1.7-17.2.5-17.3.2 - Info Disclosure
Sep 12, 2024
CVSS 6.7
EPSS 0.00
CVE-2024-8311
MEDIUM
GitLab EE <17.2.5-17.3.2 - Auth Bypass
Sep 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-6678
CRITICAL
GitLab CE/EE <17.1.7-17.3.2 - Privilege Escalation
Sep 12, 2024
CVSS 9.9
EPSS 0.02
CVE-2024-4472
MEDIUM
GitLab CE/EE <17.1.7-17.2.5-17.3.2 - Info Disclosure
Sep 12, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-8754
MEDIUM
GitLab EE/CE <17.1.7-17.3.2 - Info Disclosure
Sep 12, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-8640
HIGH
GitLab EE <17.1.7-17.3.2 - Command Injection
Sep 12, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-8635
HIGH
GitLab 16.8-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Server-Side Request Forgery via Maven Dependency Proxy URL
Sep 12, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-8631
MEDIUM
GitLab 16.6-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Privilege Escalation via Admin Group Member Role
Sep 12, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-8124
HIGH
GitLab 16.4-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Denial of Service via POST Request
Sep 12, 2024
CVSS 7.5
EPSS 0.40
CVE-2024-6446
LOW
GitLab <17.1.7-17.2.5-17.3.2 - CSRF
Sep 12, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-6389
MEDIUM
GitLab-CE/EE <17.1.7, <17.2.5, <17.3.2 - Info Disclosure
Sep 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-5435
MEDIUM
GitLab 15.10.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Sensitive Information Disclosure
Sep 12, 2024
CVSS 4.5
EPSS 0.00
CVE-2024-4660
MEDIUM
GitLab 11.2.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Private Project Source Code Exposure via Group Templates
Sep 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-4612
MEDIUM
GitLab 12.9.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Open Redirect via OAuth Flow
Sep 12, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-2743
MEDIUM
GitLab 13.3-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Incorrect Authorization in On-Demand DAST Scan
Sep 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-45409
CRITICAL
NUCLEI
ruby-saml <=1.12.2 and 1.13.0-1.16.0 - Unauthenticated SAML Signature Verification Bypass
Sep 10, 2024
CVSS 10.0
EPSS 0.11
CVE-2024-8041
MEDIUM
GitLab < 17.1.6, 17.2 < 17.2.4, 17.3 < 17.3.1 - Denial of Service via GitHub Importer
Aug 22, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-7110
MEDIUM
GitLab 17.0-17.1.6 17.2-17.2.4 17.3-17.3.1 - Command Injection via Prompt Injection
Aug 22, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-6502
MEDIUM
GitLab CE/EE <17.1.6-17.2.4-17.3.1 - Info Disclosure
Aug 22, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-3127
MEDIUM
GitLab EE <17.1.6-17.2.4-17.3.1 - Auth Bypass
Aug 22, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-7610
MEDIUM
GitLab 15.9-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Elasticsearch Result Parsing
Aug 08, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-7554
MEDIUM
GitLab 13.9-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Exposure of Sensitive Information via API Request Logging
Aug 08, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-5423
MEDIUM
GitLab < 17.0.6, 17.1 < 17.1.4, 17.2 < 17.2.2 - Denial of Service via Banzai Pipeline
Aug 08, 2024
CVSS 6.5
EPSS 0.00