gitlab

1,383 tracked vulnerabilities.

CVE-2022-2303 MEDIUM
GitLab CE/EE <15.0.5, <15.1.4, <15.2.1 - Auth Bypass
Aug 05, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-2095 MEDIUM
GitLab 13.7-15.0.4, 15.1-15.1.3, 15.2 - Authenticated Deploy Key Information Disclosure
Aug 05, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1948 HIGH
GitLab 15.0 - Stored Cross-Site Scripting via Quick Actions Contact Details Injection
Jul 28, 2022
CVSS 8.7
EPSS 0.01
CVE-2022-1954 MEDIUM
GitLab 1.0.2-14.10.4, 15.0-15.0.3, 15.1 - Regular Expression Denial of Service via Web Server Response Headers
Jul 01, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-0167 LOW
GitLab <14.4.5-14.6.2 - Info Disclosure
Jul 01, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-2270 LOW
GitLab 12.4-14.10.4, 15.0-15.0.3, 15.1 - Incorrect Default Permissions
Jul 01, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-2229 HIGH
GitLab CE/EE <14.10.5-15.0.4-15.1.1 - Info Disclosure
Jul 01, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-2228 MEDIUM
GitLab EE <14.10.5, <15.0.4, <15.1.1 - Info Disclosure
Jul 01, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-1999 LOW
GitLab CE/EE <14.10.5-15.1.1 - Info Disclosure
Jul 01, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-1981 LOW
GitLab EE <14.10.5, <15.0.4, <15.1.1 - Auth Bypass
Jul 01, 2022
CVSS 2.7
EPSS 0.00
CVE-2022-1963 MEDIUM
GitLab CE/EE <14.10.5-15.0.4-15.1.1 - Info Disclosure
Jul 01, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-2281 LOW
GitLab 12.5-14.10.4, 15.0-15.0.3, 15.1 - Information Disclosure via Group Milestone Release Association
Jul 01, 2022
CVSS 2.6
EPSS 0.00
CVE-2022-2250 MEDIUM
GitLab 11.1-14.10.5, 15.0-15.0.4, 15.1-15.1.1 - Open Redirect
Jul 01, 2022
CVSS 4.7
EPSS 0.00
CVE-2022-2244 MEDIUM
GitLab EE/CE <14.10.5, <15.0.4, <15.1.1 - Privilege Escalation
Jul 01, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-2243 MEDIUM
GitLab 14.8-14.10.4, 15.0-15.0.3, 15.1 - Authenticated Issue Enumeration in Non-Linked Sentry Projects
Jul 01, 2022
CVSS 5.0
EPSS 0.00
CVE-2022-2235 HIGH
GitLab 14.5-14.10.4, 15.0-15.0.3, 15.1 - Stored Cross-Site Scripting via ZenTao External Issue Tracker Link
Jul 01, 2022
CVSS 8.7
EPSS 0.00
CVE-2022-2230 HIGH
GitLab 14.4-14.10.4, 15.0-15.0.3, 15.1 - Stored Cross-Site Scripting in Project Settings Page
Jul 01, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-2227 LOW
GitLab < 14.10.5, 15.0 < 15.0.4, 15.1 < 15.1.1 - Improper Access Control in Runner Jobs API
Jul 01, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-2185 CRITICAL NUCLEI
GitLab <14.10.5-15.1.1 - Authenticated RCE
Jul 01, 2022
CVSS 9.9
EPSS 0.87
CVE-2022-1983 MEDIUM
GitLab EE <14.10.5-15.0.4-15.1.1 - Privilege Escalation
Jul 01, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-1680 CRITICAL
GitLab EE <14.9.5-15.0.1 - Privilege Escalation
Jun 06, 2022
CVSS 9.9
EPSS 0.04
CVE-2022-1944 MEDIUM
GitLab CE/EE <14.9.5-15.0.1 - Privilege Escalation
Jun 06, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-1940 HIGH
GitLab 13.11-14.9.5, 14.10-14.10.4, 15.0-15.0.1 - Stored Cross-Site Scripting via Jira Integration
Jun 06, 2022
CVSS 7.7
EPSS 0.00
CVE-2022-1936 MEDIUM
GitLab 12.0.0-14.9.4, 14.10.0-14.10.3, 15.0.0 - Incorrect Authorization via Project Deploy Token
Jun 06, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-1935 MEDIUM
GitLab EE 12.0-14.9.4, 14.10-14.10.3, 15.0 - Incorrect Authorization via Project Trigger Token Bypass
Jun 06, 2022
CVSS 6.5
EPSS 0.00