gitlab
1,383 tracked vulnerabilities.
CVE-2023-6680
HIGH
GitLab 11.6-16.4.3, 16.5-16.5.3, 16.6-16.6.1 - Improper Certificate Validation in Smartcard Authentication
Dec 15, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-6051
MEDIUM
GitLab CE/EE <16.4.4, <16.5.4, <16.6.2 - Info Disclosure
Dec 15, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-5512
MEDIUM
GitLab 16.3-16.4.3, 16.5-16.5.3, 16.6-16.6.1 - File Integrity Compromise via HTML-Encoded Filenames
Dec 15, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-5061
MEDIUM
GitLab <16.4.4-16.6.2 - Info Disclosure
Dec 15, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3904
MEDIUM
GitLab EE <16.4.4-16.5.4-16.6.2 - Buffer Overflow
Dec 15, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3511
LOW
GitLab EE <16.4.4-16.6.2 - Info Disclosure
Dec 15, 2023
CVSS 2.0
EPSS 0.00
CVE-2023-5332
MEDIUM
GitLab 9.5.0-16.2.7 - Remote Code Execution via Consul Script Check Bypass
Dec 04, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-6033
HIGH
GitLab 15.10-16.4.2, 16.5-16.5.2, 16.6 - Stored Cross-Site Scripting in Jira Integration Configuration
Dec 01, 2023
CVSS 8.7
EPSS 0.01
CVE-2023-5995
MEDIUM
GitLab 16.2.0-16.4.2, 16.5.0-16.5.2, 16.6.0 - Incorrect Authorization via Policy Bot Abuse
Dec 01, 2023
CVSS 4.4
EPSS 0.00
CVE-2023-5226
MEDIUM
GitLab < 16.4.3, 16.5-16.5.2, 16.6-16.6.0 - Branch Name Validation Bypass
Dec 01, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-4912
LOW
GitLab 10.5-16.4.2, 16.5-16.5.2, 16.6 - Client-Side Denial of Service via Malicious Mermaid Diagram Input
Dec 01, 2023
CVSS 2.6
EPSS 0.00
CVE-2023-4658
LOW
GitLab 8.13-16.4.2, 16.5-16.5.2, 16.6 - Incorrect Authorization via Allowed to Merge Permission
Dec 01, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-4317
MEDIUM
GitLab <16.4.3-16.6.1 - Info Disclosure
Dec 01, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3964
MEDIUM
GitLab 13.2-16.4.2, 16.5-16.5.2, 16.6 - Incorrect Authorization in Package Registry
Dec 01, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3949
MEDIUM
GitLab <16.4.3-16.5.3-16.6.1 - Info Disclosure
Dec 01, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-3443
LOW
GitLab 12.1-16.4.2, 16.5-16.5.2, 16.6 - Incorrect Authorization for Emoji Addition on Confidential Work Items
Dec 01, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-4379
HIGH
GitLab EE <16.2.8-16.4.1 - Info Disclosure
Nov 09, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-4700
LOW
GitLab 14.7-16.3.5, 16.4-16.4.1, 16.5 - Missing Authorization for Protected Environment Job Execution
Nov 06, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-5963
LOW
GitLab 13.9-16.3.6, 16.4.0-16.4.1, 16.5.0 - Denial of Service via Advanced Search Syntax Operator Chaining
Nov 06, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-3909
MEDIUM
GitLab 12.3-16.3.5, 16.4-16.4.1, 16.5 - Regular Expression Denial of Service via gitlab-ci.yml Timeout Input
Nov 06, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-3399
HIGH
GitLab EE <16.3.6, <16.4.2, <16.5.1 - Info Disclosure
Nov 06, 2023
CVSS 8.5
EPSS 0.00
CVE-2023-3246
MEDIUM
GitLab < 16.3.6, 16.4-16.4.2, 16.5-16.5.1 - Denial of Service via Sidekiq Job Processor Blocking
Nov 06, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-5831
LOW
GitLab CE/EE <16.3.6, <16.4.2, <16.5.1 - Info Disclosure
Nov 06, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-5825
MEDIUM
GitLab 16.2-16.3.5, 16.4-16.4.1, 16.5 - Denial of Service via CI/CD Component Path Manipulation
Nov 06, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-5106
HIGH
GitLab EE <16.2.8-16.4.1 - Privilege Escalation
Oct 02, 2023
CVSS 8.2
EPSS 0.00