gitlab
1,423 tracked vulnerabilities.
CVE-2022-2428
MEDIUM
GitLab < 15.1.6, 15.2-15.2.4, 15.3-15.3.2 - Server-Side Request Forgery via Jupyter Notebook Viewer
Oct 17, 2022
CVSS 6.4
EPSS 0.01
CVE-2022-2539
MEDIUM
GitLab CE/EE <15.0.5-15.2.1 - Info Disclosure
Aug 05, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-2534
LOW
GitLab CE/EE <15.0.5-15.2.1 - Info Disclosure
Aug 05, 2022
CVSS 2.2
EPSS 0.01
CVE-2022-2531
MEDIUM
GitLab EE <15.0.5-15.2.1 - Path Traversal
Aug 05, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-2512
MEDIUM
GitLab CE/EE <15.0.5-15.2.1 - Info Disclosure
Aug 05, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-2501
MEDIUM
GitLab EE <15.0.5-15.2.1 - Auth Bypass
Aug 05, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-2500
MEDIUM
GitLab < 15.0.5, 15.1 < 15.1.4, 15.2 < 15.2.1 - Stored Cross-Site Scripting in Job Error Messages
Aug 05, 2022
CVSS 4.4
EPSS 0.01
CVE-2022-2499
LOW
GitLab 13.10.0-15.0.4, 15.1.0-15.1.3, 15.2.0 - Authorization Bypass via Jira Integration
Aug 05, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-2498
MEDIUM
GitLab 12.8-15.0.4, 15.1-15.1.3, 15.2 - Improper Privilege Management in Pipeline Subscriptions
Aug 05, 2022
CVSS 6.4
EPSS 0.01
CVE-2022-2497
HIGH
GitLab CE/EE <15.0.5, <15.1.4, <15.2.1 - Info Disclosure
Aug 05, 2022
CVSS 8.5
EPSS 0.01
CVE-2022-2459
LOW
GitLab < 15.0.5, 15.1 < 15.1.4, 15.2 < 15.2.1 - Missing Authorization for Email Invited Members
Aug 05, 2022
CVSS 2.7
EPSS 0.01
CVE-2022-2456
MEDIUM
GitLab CE/EE <15.0.5, <15.1.4, <15.2.1 - Info Disclosure
Aug 05, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-2417
MEDIUM
GitLab 12.10-15.0.4, 15.1-15.1.3, 15.2-15.2.0 - Authenticated Supply Chain Attack via Branch Name Spoofing
Aug 05, 2022
CVSS 6.2
EPSS 0.01
CVE-2022-2326
MEDIUM
GitLab CE/EE <15.0.5, <15.1.4, <15.2.1 - Info Disclosure
Aug 05, 2022
CVSS 6.4
EPSS 0.01
CVE-2022-2307
LOW
GitLab CE/EE <15.0.5-15.2.1 - Info Disclosure
Aug 05, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-2303
MEDIUM
GitLab CE/EE <15.0.5, <15.1.4, <15.2.1 - Auth Bypass
Aug 05, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-2095
MEDIUM
GitLab 13.7-15.0.4, 15.1-15.1.3, 15.2 - Authenticated Deploy Key Information Disclosure
Aug 05, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-1948
HIGH
GitLab 15.0 - Stored Cross-Site Scripting via Quick Actions Contact Details Injection
Jul 28, 2022
CVSS 8.7
EPSS 0.01
CVE-2022-1954
MEDIUM
GitLab 1.0.2-14.10.4, 15.0-15.0.3, 15.1 - Regular Expression Denial of Service via Web Server Response Headers
Jul 01, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-0167
LOW
GitLab <14.4.5-14.6.2 - Info Disclosure
Jul 01, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-2270
LOW
GitLab 12.4-14.10.4, 15.0-15.0.3, 15.1 - Incorrect Default Permissions
Jul 01, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-2229
HIGH
GitLab CE/EE <14.10.5-15.0.4-15.1.1 - Info Disclosure
Jul 01, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-2228
MEDIUM
GitLab EE <14.10.5, <15.0.4, <15.1.1 - Info Disclosure
Jul 01, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-1999
LOW
GitLab CE/EE <14.10.5-15.1.1 - Info Disclosure
Jul 01, 2022
CVSS 3.1
EPSS 0.01
CVE-2022-1981
LOW
GitLab EE <14.10.5, <15.0.4, <15.1.1 - Auth Bypass
Jul 01, 2022
CVSS 2.7
EPSS 0.01