gitlab

1,423 tracked vulnerabilities.

CVE-2024-6685 LOW
GitLab CE/EE <17.1.7-17.3.2 - Info Disclosure
Sep 16, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-4283 MEDIUM
GitLab EE <17.1.7-17.3.2 - Open Redirect
Sep 16, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-8641 MEDIUM
GitLab CE/EE <17.1.7-17.2.5-17.3.2 - Info Disclosure
Sep 12, 2024
CVSS 6.7
EPSS 0.00
CVE-2024-8311 MEDIUM
GitLab EE <17.2.5-17.3.2 - Auth Bypass
Sep 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-6678 CRITICAL
GitLab CE/EE <17.1.7-17.3.2 - Privilege Escalation
Sep 12, 2024
CVSS 9.9
EPSS 0.02
CVE-2024-4472 MEDIUM
GitLab CE/EE <17.1.7-17.2.5-17.3.2 - Info Disclosure
Sep 12, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-8754 MEDIUM
GitLab EE/CE <17.1.7-17.3.2 - Info Disclosure
Sep 12, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-8640 HIGH
GitLab EE <17.1.7-17.3.2 - Command Injection
Sep 12, 2024
CVSS 8.5
EPSS 0.01
CVE-2024-8635 HIGH
GitLab 16.8-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Server-Side Request Forgery via Maven Dependency Proxy URL
Sep 12, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-8631 MEDIUM
GitLab 16.6-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Privilege Escalation via Admin Group Member Role
Sep 12, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-8124 HIGH
GitLab 16.4-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Denial of Service via POST Request
Sep 12, 2024
CVSS 7.5
EPSS 0.40
CVE-2024-6446 LOW
GitLab <17.1.7-17.2.5-17.3.2 - CSRF
Sep 12, 2024
CVSS 3.5
EPSS 0.00
CVE-2024-6389 MEDIUM
GitLab-CE/EE <17.1.7, <17.2.5, <17.3.2 - Info Disclosure
Sep 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-5435 MEDIUM
GitLab 15.10.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Sensitive Information Disclosure
Sep 12, 2024
CVSS 4.5
EPSS 0.00
CVE-2024-4660 MEDIUM
GitLab 11.2.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Private Project Source Code Exposure via Group Templates
Sep 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-4612 MEDIUM
GitLab 12.9.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Open Redirect via OAuth Flow
Sep 12, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-2743 MEDIUM
GitLab 13.3-17.1.6, 17.2-17.2.4, 17.3-17.3.1 - Incorrect Authorization in On-Demand DAST Scan
Sep 12, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-45409 CRITICAL NUCLEI
ruby-saml <=1.12.2 and 1.13.0-1.16.0 - Unauthenticated SAML Signature Verification Bypass
Sep 10, 2024
CVSS 10.0
EPSS 0.11
CVE-2024-8041 MEDIUM
GitLab < 17.1.6, 17.2 < 17.2.4, 17.3 < 17.3.1 - Denial of Service via GitHub Importer
Aug 22, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-7110 MEDIUM
GitLab 17.0-17.1.6 17.2-17.2.4 17.3-17.3.1 - Command Injection via Prompt Injection
Aug 22, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-6502 MEDIUM
GitLab CE/EE <17.1.6-17.2.4-17.3.1 - Info Disclosure
Aug 22, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-3127 MEDIUM
GitLab EE <17.1.6-17.2.4-17.3.1 - Auth Bypass
Aug 22, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-7610 MEDIUM
GitLab 15.9-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Elasticsearch Result Parsing
Aug 08, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-7554 MEDIUM
GitLab 13.9-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Exposure of Sensitive Information via API Request Logging
Aug 08, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-5423 MEDIUM
GitLab < 17.0.6, 17.1 < 17.1.4, 17.2 < 17.2.2 - Denial of Service via Banzai Pipeline
Aug 08, 2024
CVSS 6.5
EPSS 0.00