gitlab
1,383 tracked vulnerabilities.
CVE-2022-4054
MEDIUM
GitLab <15.4.6-15.5.5-15.6 - Info Disclosure
Jan 26, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-3902
MEDIUM
GitLab 9.3.0-15.4.5, 15.5.0-15.5.4, 15.6.0 - Sensitive Information Exposure in Webhook Logs
Jan 26, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-3820
MEDIUM
GitLab <15.4.4-15.5.2 - Auth Bypass
Jan 26, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-3740
MEDIUM
GitLab 12.9-15.3.4, 15.4-15.4.3, 15.5-15.5.1 - Improper Authorization Bypass via Deploy Tokens or Keys
Jan 26, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-3572
CRITICAL
GitLab CE/EE <15.3.5, <15.4 prior to 15.4.4, <15.5 prior to 15.5.2 ...
Jan 26, 2023
CVSS 9.3
EPSS 0.10
CVE-2022-3482
MEDIUM
GitLab 11.3-15.3.4, 15.4-15.4.3, 15.5-15.5.1 - Unauthenticated Release Name Exposure
Jan 26, 2023
CVSS 5.3
EPSS 0.00
CVE-2022-3478
MEDIUM
GitLab 12.8-15.4.5, 15.5-15.5.4, 15.6 - Denial of Service via Malicious NuGet Package Upload
Jan 26, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-2907
MEDIUM
GitLab 12.9-15.1.5, 15.2-15.2.3, 15.3-15.3.1 - Unauthenticated Repository Content Exposure via Crafted Link
Jan 17, 2023
CVSS 5.7
EPSS 0.01
CVE-2022-2251
MEDIUM
GitLab Runner < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 - OS Command Injection via Branch Name
Jan 17, 2023
CVSS 4.8
EPSS 0.02
CVE-2022-4365
MEDIUM
GitLab CE/EE <15.5.7-15.6.4-15.7.2 - Info Disclosure
Jan 12, 2023
CVSS 5.5
EPSS 0.01
CVE-2022-4342
MEDIUM
GitLab CE/EE <15.5.7/<15.6.4/<15.7.2 - Info Disclosure
Jan 12, 2023
CVSS 5.5
EPSS 0.02
CVE-2022-4167
MEDIUM
GitLab 13.11.0-15.5.6, 15.6.0-15.6.3, 15.7.0-15.7.1 - Incorrect Authorization in Group Access Token Revocation
Jan 12, 2023
CVSS 5.3
EPSS 0.00
CVE-2022-4131
MEDIUM
GitLab 10.8.0-15.5.6, 15.6.0-15.6.3, 15.7.0-15.7.1 - Denial of Service via User Agent Regex Parsing
Jan 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-4037
MEDIUM
GitLab CE/EE <15.5.7, <15.6.4, <15.7.2 - Info Disclosure
Jan 12, 2023
CVSS 6.4
EPSS 0.00
CVE-2022-3870
MEDIUM
GitLab CE/EE <15.5.7-15.6.4-15.7.2 - Info Disclosure
Jan 12, 2023
CVSS 5.3
EPSS 0.01
CVE-2022-3613
MEDIUM
GitLab < 15.5.7, 15.6 < 15.6.4, 15.7 < 15.7.2 - Denial of Service via Prometheus Server Query
Jan 12, 2023
CVSS 5.8
EPSS 0.00
CVE-2022-3573
MEDIUM
GitLab CE/EE <15.5.7/<15.6.4/<15.7.2 - XSS
Jan 12, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-3514
MEDIUM
GitLab CE/EE <15.5.7-15.6.4-15.7.2 - DoS
Jan 12, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-3819
LOW
GitLab CE/EE <15.3.5-15.5.2 - Auth Bypass
Nov 10, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-3818
MEDIUM
GitLab < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 - Denial of Service via URL Parsing
Nov 10, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-3793
MEDIUM
GitLab CE/EE <15.3.5-15.5.2 - Info Disclosure
Nov 10, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-3726
MEDIUM
GitLab 12.6-15.3.5, 15.4-15.4.4, 15.5-15.5.2 - Server-Side Request Forgery via Swagger OpenAPI Viewer
Nov 10, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-3706
LOW
GitLab CE/EE <15.3.5, <15.4.4, <15.5.2 - Privilege Escalation
Nov 10, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-3413
MEDIUM
GitLab 14.5-15.3.5, 15.4-15.4.4, 15.5-15.5.2 - Authorization Bypass in Audit Events Display
Nov 10, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-3486
MEDIUM
GitLab 9.3-15.3.5, 15.4-15.4.4, 15.5-15.5.2 - Open Redirect
Nov 09, 2022
CVSS 4.7
EPSS 0.00