gitlab
1,383 tracked vulnerabilities.
CVE-2022-1162
CRITICAL
NUCLEI
GitLab 14.7-14.7.6, 14.8-14.8.4, 14.9-14.9.1 - Authentication Bypass via Hardcoded OmniAuth Password
Apr 04, 2022
CVSS 9.1
EPSS 0.88
CVE-2022-1148
MEDIUM
GitLab CE/EE <14.7.7-14.9.2 - Info Disclosure
Apr 04, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-1121
MEDIUM
GitLab < 14.7.7, 14.8 < 14.8.5, 14.9 < 14.9.2 - Resource Consumption via GitLab Pages Timeout Bypass
Apr 04, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-1120
MEDIUM
GitLab < 14.7.7, 14.8 < 14.8.5, 14.9 < 14.9.2 - Sensitive Information Exposure via CI/CD Include Directive Error Message
Apr 04, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-1111
LOW
GitLab CE/EE <14.9.2-14.8.5-14.0.7 - Info Disclosure
Apr 04, 2022
CVSS 2.4
EPSS 0.00
CVE-2022-1105
MEDIUM
GitLab CE/EE <14.7.7-14.9.2 - Info Disclosure
Apr 04, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-1100
MEDIUM
GitLab 13.1-14.7.6, 14.8.0-14.8.4, 14.9.0-14.9.1 - Denial of Service via Release Asset Link Update API
Apr 04, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-1099
MEDIUM
GitLab < 14.7.7, 14.8 < 14.8.5, 14.9 < 14.9.2 - Uncontrolled Resource Consumption via Runner Tag Addition
Apr 04, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-0740
LOW
GitLab CE/EE <14.7.7-14.9.2 - Auth Bypass
Apr 04, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-0741
MEDIUM
GitLab 10.0.0-14.6.5 - Environment Variable Exposure via Sendmail Email Address Injection
Apr 01, 2022
CVSS 5.8
EPSS 0.00
CVE-2022-0489
LOW
GitLab 8.15.0-14.6.4 - Denial of Service via Math Feature Formula in Issue Comments
Apr 01, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-0425
MEDIUM
GitLab 7.9-14.7.1 - Server-Side Request Forgery via Irker DNS Rebinding
Apr 01, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-0390
MEDIUM
GitLab CE/EE <14.5.4-14.7.1 - Info Disclosure
Apr 01, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-0373
MEDIUM
GitLab CE/EE <14.7.1 - Info Disclosure
Apr 01, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-0751
MEDIUM
GitLab 10.0-14.6.5 - Inaccurate Display of Snippet Files with Special Characters
Mar 28, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-0738
MEDIUM
GitLab <14.6.5-14.8.2 - Info Disclosure
Mar 28, 2022
CVSS 4.2
EPSS 0.00
CVE-2022-0735
CRITICAL
NUCLEI
GitLab CE/EE <14.6.5-14.8.2 - Info Disclosure
Mar 28, 2022
CVSS 10.0
EPSS 0.71
CVE-2022-0549
MEDIUM
GitLab CE/EE <14.3.6, <14.4 before 14.4.4, <14.5 before 14.5.2 - Pr...
Mar 28, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-0488
LOW
GitLab CE/EE <8.10 - Info Disclosure
Mar 28, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-0427
HIGH
GitLab 14.5-14.5.4 - Cross-Site Request Forgery via Jupyter Notebook HTML Attribute
Mar 28, 2022
CVSS 7.7
EPSS 0.00
CVE-2022-0371
MEDIUM
GitLab CE/EE <14.5.4-14.6.4-14.7.1 - Info Disclosure
Mar 28, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-0344
LOW
GitLab <14.5.4-14.6.4-14.7.1 - Info Disclosure
Mar 28, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-0283
MEDIUM
GitLab < 14.5.4 - Open Redirect via Jira Integration
Mar 28, 2022
CVSS 4.7
EPSS 0.00
CVE-2022-0249
LOW
GitLab 12.0-14.5.3 - Server-Side Request Forgery via Shared Address Space
Mar 28, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-0136
MEDIUM
GitLab 10.5-14.5.4, 14.6-14.6.4, 14.7-14.7.1 - Server-Side Request Forgery via Project Import
Mar 28, 2022
CVSS 5.4
EPSS 0.00