gitlab
1,423 tracked vulnerabilities.
CVE-2024-4207
MEDIUM
GitLab 5.1-17.0.5 17.1-17.1.3 17.2-17.2.1 - Cross-Site Scripting via XML File Rendering
Aug 08, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-3958
MEDIUM
GitLab < 17.0.6, 17.1 < 17.1.4, 17.2 < 17.2.2 - Code Injection via Repository Display Discrepancy
Aug 08, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-3114
MEDIUM
GitLab 11.10-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Invalid Commit Parsing
Aug 08, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-3035
MEDIUM
GitLab 8.12-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Authorization Bypass via LFS Token
Aug 08, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-2800
MEDIUM
GitLab 11.3.0-17.0.5, 17.1.0-17.1.3, 17.2.0-17.2.1 - Denial of Service via RefMatcher Regex Backtracking
Aug 08, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-6329
MEDIUM
GitLab CE/EE <17.0.6-17.2.2 - Info Disclosure
Aug 08, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-4784
MEDIUM
GitLab EE <17.0.6-17.2.2 - Auth Bypass
Aug 08, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-4210
MEDIUM
GitLab 12.6-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Crafted Adoc Files
Aug 08, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-7057
MEDIUM
GitLab 16.7-17.0.4, 17.1-17.1.2, 17.2 - Information Disclosure via Job Artifacts
Jul 25, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-7047
HIGH
GitLab 16.6-17.0.4, 17.1-17.1.2, 17.2 - Cross-Site Scripting
Jul 25, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-7091
MEDIUM
GitLab 15.6-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Information Disclosure via Exported Group or Project
Jul 24, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-7060
LOW
GitLab 15.4-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Information Disclosure in Project/Group Exports
Jul 24, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-5067
MEDIUM
GitLab 16.11-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Exposure of Project Analytics Settings
Jul 24, 2024
CVSS 4.4
EPSS 0.01
CVE-2024-0231
LOW
GitLab 12.0-17.0.4 17.1-17.1.2 17.2 - Resource Misdirection via Repository Import
Jul 24, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-6595
LOW
GitLab CE/EE <16.11.6/<17.0.4/<17.1.2 - Info Disclosure
Jul 17, 2024
CVSS 3.0
EPSS 0.00
CVE-2024-6385
CRITICAL
GitLab CE/EE <16.11.6-17.1.2 - Privilege Escalation
Jul 11, 2024
CVSS 9.6
EPSS 0.06
CVE-2024-5470
LOW
GitLab 17.0-17.0.4 and 17.1-17.1.2 - Improper Access Control via Deploy Token Creation
Jul 11, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-5257
MEDIUM
GitLab 17.0-17.0.4 and 17.1-17.1.2 - Improper Access Control via Group Namespace URL Modification
Jul 11, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-2880
LOW
GitLab 16.5-16.11.5, 17.0-17.0.3, 17.1-17.1.1 - Improper Access Control
Jul 11, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-2177
MEDIUM
GitLab 16.3-16.11.5, 17.0-17.0.3, 17.1-17.1.1 - Cross Window Forgery via OAuth Authentication Flow
Jul 09, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-6323
HIGH
GitLab EE <16.11.5, <17.0.3, <17.1.1 - Info Disclosure
Jun 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5655
CRITICAL
GitLab CE/EE <16.11.5-17.1.1 - Privilege Escalation
Jun 27, 2024
CVSS 9.6
EPSS 0.07
CVE-2024-5430
MEDIUM
GitLab 16.10-16.11.4, 17.0-17.0.2, 17.1 - Improper Access Control via GraphQL
Jun 27, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-4901
HIGH
GitLab 16.9-16.11.4, 17.0-17.0.2, 17.1 - Stored Cross-Site Scripting via Malicious Commit Notes
Jun 27, 2024
CVSS 8.7
EPSS 0.33
CVE-2024-4557
MEDIUM
GitLab < 16.11.5, 17.0 < 17.0.3, 17.1 < 17.1.1 - Denial of Service via Banzai Pipeline
Jun 27, 2024
CVSS 6.5
EPSS 0.01