gitlab
1,423 tracked vulnerabilities.
CVE-2024-4011
LOW
GitLab CE/EE <16.11.5-17.1.1 - Info Disclosure
Jun 27, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-3959
MEDIUM
GitLab 16.7-16.11.4, 17.0-17.0.2, 17.1 - Unauthenticated Private Job Artifact Access
Jun 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-3115
MEDIUM
GitLab EE <16.11.5-17.1.1 - Info Disclosure
Jun 27, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-2191
MEDIUM
GitLab CE/EE <16.11.5-17.1.1 - Info Disclosure
Jun 27, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-1816
MEDIUM
GitLab 12.0-16.11.4, 17.0-17.0.2, 17.1 - Denial of Service via Crafted OpenAPI File
Jun 27, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-1493
MEDIUM
GitLab 9.2.0-16.11.4, 17.0.0-17.0.2, 17.1.0 - Denial of Service via Dependency File Link Processing
Jun 27, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-5469
LOW
GitLab 16.10.0-16.10.5 and 16.11.0-16.11.2 - Denial of Service via Crafted gRPC Requests
Jun 14, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-4201
MEDIUM
GitLab <16.10.7, <16.11, <17.0.2 - XSS
Jun 12, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-1963
MEDIUM
GitLab 8.4-16.10.6, 16.11-16.11.3, 17.0-17.0.1 - Regular Expression Denial of Service via Asana Integration
Jun 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-1736
MEDIUM
GitLab < 16.10.7, 16.11-16.11.4, 17.0-17.0.2 - Denial of Service via CI/CD Pipeline Editor
Jun 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-1495
MEDIUM
GitLab 13.1-16.10.6, 16.11-16.11.3, 17.0-17.0.1 - Denial of Service via Maliciously Crafted File
Jun 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-5318
MEDIUM
GitLab CE/EE <16.10.6/<16.11.3/<17.0.1 - Info Disclosure
May 24, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-5258
MEDIUM
GitLab 16.10-16.10.5, 16.11-16.11.2, 17.0 - Authenticated Authorization Bypass via Pipeline Naming Convention
May 23, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-1947
MEDIUM
GitLab 13.2.4-16.10.5, 16.11-16.11.2, 17.0 - Denial of Service via Crafted API Calls
May 23, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-4835
HIGH
GitLab 15.11-16.10.5, 16.11-16.11.2, 17.0 - Cross-Site Scripting
May 23, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-2874
MEDIUM
GitLab < 16.10.6, 16.11 < 16.11.3, 17.0 < 17.0.1 - Denial of Service via Runner Description
May 23, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-4597
MEDIUM
GitLab 16.7-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Cross-Site Request Forgery via SAML Session
May 14, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-4539
MEDIUM
GitLab 15.4-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Denial of Service via API Branch and Tag Filtering
May 14, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-2651
MEDIUM
GitLab CE/EE <16.9.7-16.10.4-16.11.1 - DoS
May 14, 2024
CVSS 6.5
EPSS 0.33
CVE-2024-2454
MEDIUM
GitLab 15.11-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Denial of Service via Pins Endpoint
May 14, 2024
CVSS 6.5
EPSS 0.33
CVE-2024-4024
HIGH
GitLab CE/EE <16.9.6-16.11.1 - Auth Bypass
Apr 25, 2024
CVSS 7.3
EPSS 0.15
CVE-2024-4006
MEDIUM
GitLab CE/EE <16.9.6/<16.10.4/<16.11.1 - Info Disclosure
Apr 25, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-2829
HIGH
GitLab 12.5-16.9.5, 16.10-16.10.3, 16.11 - Denial of Service via FileFinder Wildcard Filter
Apr 25, 2024
CVSS 7.5
EPSS 0.26
CVE-2024-2434
HIGH
GitLab CE/EE <16.9.6-16.11.1 - Path Traversal
Apr 25, 2024
CVSS 8.5
EPSS 0.23
CVE-2024-1347
MEDIUM
GitLab < 16.9.6, 16.10 < 16.10.4, 16.11 < 16.11.1 - Authentication Bypass via Crafted Email Address
Apr 25, 2024
CVSS 4.3
EPSS 0.00