gitlab
1,383 tracked vulnerabilities.
CVE-2024-2874
MEDIUM
GitLab < 16.10.6, 16.11 < 16.11.3, 17.0 < 17.0.1 - Denial of Service via Runner Description
May 23, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-4597
MEDIUM
GitLab 16.7-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Cross-Site Request Forgery via SAML Session
May 14, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-4539
MEDIUM
GitLab 15.4-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Denial of Service via API Branch and Tag Filtering
May 14, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-2651
MEDIUM
GitLab CE/EE <16.9.7-16.10.4-16.11.1 - DoS
May 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-2454
MEDIUM
GitLab 15.11-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Denial of Service via Pins Endpoint
May 14, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-4024
HIGH
GitLab CE/EE <16.9.6-16.11.1 - Auth Bypass
Apr 25, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-4006
MEDIUM
GitLab CE/EE <16.9.6/<16.10.4/<16.11.1 - Info Disclosure
Apr 25, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-2829
HIGH
GitLab 12.5-16.9.5, 16.10-16.10.3, 16.11 - Denial of Service via FileFinder Wildcard Filter
Apr 25, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-2434
HIGH
GitLab CE/EE <16.9.6-16.11.1 - Path Traversal
Apr 25, 2024
CVSS 8.5
EPSS 0.11
CVE-2024-1347
MEDIUM
GitLab < 16.9.6, 16.10 < 16.10.4, 16.11 < 16.11.1 - Authentication Bypass via Crafted Email Address
Apr 25, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-3092
HIGH
GitLab 16.9.0-16.9.3 and 16.10.0-16.10.1 - Stored Cross-Site Scripting in Diff Viewer
Apr 12, 2024
CVSS 8.7
EPSS 0.01
CVE-2024-2279
HIGH
GitLab CE/EE <16.8.6, <16.9.4, <16.10.2 - Stored XSS
Apr 12, 2024
CVSS 8.7
EPSS 0.01
CVE-2024-2818
MEDIUM
GitLab < 16.8.5, 16.9 < 16.9.3, 16.10 < 16.10.1 - Denial of Service via Label Description Parameter
Mar 28, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-1299
MEDIUM
GitLab <16.8.4, <16.9.2 - Privilege Escalation
Mar 07, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-0199
HIGH
GitLab 11.3-16.7.6 16.8.3-16.8.3 - Incorrect Authorization Bypass via Crafted Payload in Old Feature Branch
Mar 07, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-1525
MEDIUM
GitLab CE/EE <16.7.6-16.8.3-16.9.1 - Auth Bypass
Feb 22, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-1451
HIGH
GitLab 16.9 - Stored Cross-Site Scripting via User Profile Page
Feb 22, 2024
CVSS 8.7
EPSS 0.29
CVE-2024-0861
MEDIUM
GitLab EE <16.7.6-16.9.1 - Privilege Escalation
Feb 22, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-0410
HIGH
GitLab <16.7.6-16.9.1 - Auth Bypass
Feb 22, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-1250
MEDIUM
GitLab 16.8-16.8.2 - Privilege Escalation via Custom Role Group Access Token Creation
Feb 12, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-1066
MEDIUM
GitLab 13.3.0-16.6.6, 16.7.0-16.7.4, 16.8.0-16.8.1 - Resource Exhaustion via GraphQL vulnerabilitiesCountByDay
Feb 07, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-0456
MEDIUM
GitLab 14.0-16.6.5, 16.7.0-16.7.3, 16.8.0 - Unauthenticated Authorization Bypass via Merge Request Assignment
Jan 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-0402
CRITICAL
GitLab 16.0-16.8.1 - Path Traversal & Arbitrary File Write via Workspace
Jan 26, 2024
CVSS 9.9
EPSS 0.45
CVE-2023-5600
LOW
GitLab 16.0.0-16.3.5, 16.4.0-16.4.1, 16.5.0 - Missing Authorization for Service-Desk Custom Email Template
Jun 20, 2025
CVSS 3.1
EPSS 0.00
CVE-2023-6386
MEDIUM
GitLab 15.11-16.6.6, 16.7-16.7.4, 16.8-16.8.1 - Denial of Service via Resource Exhaustion
Feb 05, 2025
CVSS 6.5
EPSS 0.03