gitlab

1,423 tracked vulnerabilities.

CVE-2024-4207 MEDIUM
GitLab 5.1-17.0.5 17.1-17.1.3 17.2-17.2.1 - Cross-Site Scripting via XML File Rendering
Aug 08, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-3958 MEDIUM
GitLab < 17.0.6, 17.1 < 17.1.4, 17.2 < 17.2.2 - Code Injection via Repository Display Discrepancy
Aug 08, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-3114 MEDIUM
GitLab 11.10-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Invalid Commit Parsing
Aug 08, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-3035 MEDIUM
GitLab 8.12-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Authorization Bypass via LFS Token
Aug 08, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-2800 MEDIUM
GitLab 11.3.0-17.0.5, 17.1.0-17.1.3, 17.2.0-17.2.1 - Denial of Service via RefMatcher Regex Backtracking
Aug 08, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-6329 MEDIUM
GitLab CE/EE <17.0.6-17.2.2 - Info Disclosure
Aug 08, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-4784 MEDIUM
GitLab EE <17.0.6-17.2.2 - Auth Bypass
Aug 08, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-4210 MEDIUM
GitLab 12.6-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Denial of Service via Crafted Adoc Files
Aug 08, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-7057 MEDIUM
GitLab 16.7-17.0.4, 17.1-17.1.2, 17.2 - Information Disclosure via Job Artifacts
Jul 25, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-7047 HIGH
GitLab 16.6-17.0.4, 17.1-17.1.2, 17.2 - Cross-Site Scripting
Jul 25, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-7091 MEDIUM
GitLab 15.6-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Information Disclosure via Exported Group or Project
Jul 24, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-7060 LOW
GitLab 15.4-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Information Disclosure in Project/Group Exports
Jul 24, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-5067 MEDIUM
GitLab 16.11-17.0.4, 17.1-17.1.2, 17.2 - Unauthorized Exposure of Project Analytics Settings
Jul 24, 2024
CVSS 4.4
EPSS 0.01
CVE-2024-0231 LOW
GitLab 12.0-17.0.4 17.1-17.1.2 17.2 - Resource Misdirection via Repository Import
Jul 24, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-6595 LOW
GitLab CE/EE <16.11.6/<17.0.4/<17.1.2 - Info Disclosure
Jul 17, 2024
CVSS 3.0
EPSS 0.00
CVE-2024-6385 CRITICAL
GitLab CE/EE <16.11.6-17.1.2 - Privilege Escalation
Jul 11, 2024
CVSS 9.6
EPSS 0.06
CVE-2024-5470 LOW
GitLab 17.0-17.0.4 and 17.1-17.1.2 - Improper Access Control via Deploy Token Creation
Jul 11, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-5257 MEDIUM
GitLab 17.0-17.0.4 and 17.1-17.1.2 - Improper Access Control via Group Namespace URL Modification
Jul 11, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-2880 LOW
GitLab 16.5-16.11.5, 17.0-17.0.3, 17.1-17.1.1 - Improper Access Control
Jul 11, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-2177 MEDIUM
GitLab 16.3-16.11.5, 17.0-17.0.3, 17.1-17.1.1 - Cross Window Forgery via OAuth Authentication Flow
Jul 09, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-6323 HIGH
GitLab EE <16.11.5, <17.0.3, <17.1.1 - Info Disclosure
Jun 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5655 CRITICAL
GitLab CE/EE <16.11.5-17.1.1 - Privilege Escalation
Jun 27, 2024
CVSS 9.6
EPSS 0.07
CVE-2024-5430 MEDIUM
GitLab 16.10-16.11.4, 17.0-17.0.2, 17.1 - Improper Access Control via GraphQL
Jun 27, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-4901 HIGH
GitLab 16.9-16.11.4, 17.0-17.0.2, 17.1 - Stored Cross-Site Scripting via Malicious Commit Notes
Jun 27, 2024
CVSS 8.7
EPSS 0.33
CVE-2024-4557 MEDIUM
GitLab < 16.11.5, 17.0 < 17.0.3, 17.1 < 17.1.1 - Denial of Service via Banzai Pipeline
Jun 27, 2024
CVSS 6.5
EPSS 0.01