gitlab

1,423 tracked vulnerabilities.

CVE-2024-3092 HIGH
GitLab 16.9.0-16.9.3 and 16.10.0-16.10.1 - Stored Cross-Site Scripting in Diff Viewer
Apr 12, 2024
CVSS 8.7
EPSS 0.01
CVE-2024-2279 HIGH
GitLab CE/EE <16.8.6, <16.9.4, <16.10.2 - Stored XSS
Apr 12, 2024
CVSS 8.7
EPSS 0.01
CVE-2024-2818 MEDIUM
GitLab < 16.8.5, 16.9 < 16.9.3, 16.10 < 16.10.1 - Denial of Service via Label Description Parameter
Mar 28, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-1299 MEDIUM
GitLab <16.8.4, <16.9.2 - Privilege Escalation
Mar 07, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-0199 HIGH
GitLab 11.3-16.7.6 16.8.3-16.8.3 - Incorrect Authorization Bypass via Crafted Payload in Old Feature Branch
Mar 07, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-1525 MEDIUM
GitLab CE/EE <16.7.6-16.8.3-16.9.1 - Auth Bypass
Feb 22, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-1451 HIGH
GitLab 16.9 - Stored Cross-Site Scripting via User Profile Page
Feb 22, 2024
CVSS 8.7
EPSS 0.51
CVE-2024-0861 MEDIUM
GitLab EE <16.7.6-16.9.1 - Privilege Escalation
Feb 22, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-0410 HIGH
GitLab <16.7.6-16.9.1 - Auth Bypass
Feb 22, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-1250 MEDIUM
GitLab 16.8-16.8.2 - Privilege Escalation via Custom Role Group Access Token Creation
Feb 12, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-1066 MEDIUM
GitLab 13.3.0-16.6.6, 16.7.0-16.7.4, 16.8.0-16.8.1 - Resource Exhaustion via GraphQL vulnerabilitiesCountByDay
Feb 07, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-0456 MEDIUM
GitLab 14.0-16.6.5, 16.7.0-16.7.3, 16.8.0 - Unauthenticated Authorization Bypass via Merge Request Assignment
Jan 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-0402 CRITICAL
GitLab 16.0-16.8.1 Path Traversal & Arbitrary File Write via Workspace
Jan 26, 2024
CVSS 9.9
EPSS 0.03
CVE-2023-5600 LOW
GitLab 16.0.0-16.3.5, 16.4.0-16.4.1, 16.5.0 - Missing Authorization for Service-Desk Custom Email Template
Jun 20, 2025
CVSS 3.1
EPSS 0.00
CVE-2023-6386 MEDIUM
GitLab 15.11-16.6.6, 16.7-16.7.4, 16.8-16.8.1 - Denial of Service via Resource Exhaustion
Feb 05, 2025
CVSS 6.5
EPSS 0.01
CVE-2023-6195 LOW
GitLab CE/EE <16.9.7, <16.10.5, <16.11.2 - SSRF
Jan 31, 2025
CVSS 2.6
EPSS 0.00
CVE-2023-5117 LOW
GitLab < 17.6.0 - Unauthenticated Exposure of Sensitive Files via Direct URL Access
Dec 25, 2024
CVSS 3.7
EPSS 0.00
CVE-2023-3441 MEDIUM
GitLab EE/CE <16.4 - Info Disclosure
Oct 01, 2024
CVSS 6.6
EPSS 0.01
CVE-2023-7045 MEDIUM
GitLab 13.11-16.10.5 16.11-16.11.2 17.0 - Cross-Site Request Forgery via Kubernetes Agent Server
May 23, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-6502 MEDIUM
GitLab CE/EE <16.10.6, <16.11.3, <17.0.1 - DoS
May 23, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-6688 MEDIUM
GitLab 16.11.0-16.11.1 - Denial of Service via Google Chat Messages Integration
May 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-6682 MEDIUM
GitLab 16.9-16.9.6, 16.10-16.10.4, 16.11-16.11.1 - Denial of Service via Discord Integration Chat Message Processing
May 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-6678 MEDIUM
GitLab < 16.8.6, 16.9 < 16.9.4, 16.10 < 16.10.2 - Denial of Service via JUnit Test Report File
Apr 12, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-6489 MEDIUM
GitLab CE/EE <16.8.6, <16.9.4, <16.10.2 - DoS
Apr 12, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-6371 HIGH
GitLab CE/EE <16.8.5-16.9.3-16.10.1 - XSS
Mar 28, 2024
CVSS 8.7
EPSS 0.00