gitlab

1,383 tracked vulnerabilities.

CVE-2022-0123 MEDIUM
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Info Disclosure
Mar 28, 2022
CVSS 5.9
EPSS 0.00

CVE-2022-0244 HIGH
GitLab CE/EE <14.5 - Info Disclosure
Jan 18, 2022
CVSS 8.6
EPSS 0.00

CVE-2022-0172 MEDIUM
GitLab CE/EE <12.3 - Info Disclosure
Jan 18, 2022
CVSS 5.3
EPSS 0.00

CVE-2022-0154 HIGH
GitLab <14.4.5, <14.5.3, <14.6.2 - CSRF
Jan 18, 2022
CVSS 7.5
EPSS 0.00

CVE-2022-0152 MEDIUM
GitLab <14.4.5-14.6.2 - Info Disclosure
Jan 18, 2022
CVSS 6.5
EPSS 0.00

CVE-2022-0151 MEDIUM
GitLab 12.10-14.4.4, 14.5.0-14.5.2, 14.6.0-14.6.1 - Denial of Service via Package Deletion Request
Jan 18, 2022
CVSS 6.5
EPSS 0.00

CVE-2022-0125 MEDIUM
GitLab <14.4.5-14.6.2 - Privilege Escalation
Jan 18, 2022
CVSS 4.3
EPSS 0.00

CVE-2022-0124 MEDIUM
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Open Redirect
Jan 18, 2022
CVSS 4.3
EPSS 0.00

CVE-2022-0093 LOW
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Info Disclosure
Jan 18, 2022
CVSS 3.5
EPSS 0.00

CVE-2022-0090 MEDIUM
GitLab <14.4.5, 14.5.0-14.5.3, 14.6.0-14.6.1 - Improper Privilege Management via Git Sub-Command Replacement References
Jan 18, 2022
CVSS 6.5
EPSS 0.00

CVE-2021-39947 MEDIUM
GitLab Runner <14.5.2 - Buffer Overflow
Jun 06, 2022
CVSS 5.3
EPSS 0.00

CVE-2021-39908 MEDIUM
GitLab 0.8.0-14.2.5, 14.3.0-14.3.3, 14.4.0 - Code Injection via Unicode Character Obfuscation
Apr 01, 2022
CVSS 6.5
EPSS 0.00

CVE-2021-4191 MEDIUM NUCLEI
GitLab GraphQL API User Enumeration
Mar 28, 2022
CVSS 5.3
EPSS 0.92

CVE-2021-39876 MEDIUM
GitLab 11.3-14.1.7 - Unauthenticated Information Disclosure via Assignee Auto-Complete Endpoint
Mar 28, 2022
CVSS 4.3
EPSS 0.00

CVE-2021-39943 MEDIUM
GitLab 14.1.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in External Status Check API
Feb 09, 2022
CVSS 4.3
EPSS 0.00

CVE-2021-39946 HIGH
GitLab 14.3-14.3.6, 14.4-14.4.4, 14.5-14.5.2 - Cross-Site Scripting via Emoji HTML Generation
Jan 18, 2022
CVSS 8.7
EPSS 0.00

CVE-2021-39942 MEDIUM
GitLab 12.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via NPM Package Repository File Size Limit Bypass
Jan 18, 2022
CVSS 4.3
EPSS 0.00

CVE-2021-39927 LOW
GitLab 8.4-14.4.4, 14.5.0-14.5.2, 14.6.0-14.6.1 - Server-Side Request Forgery via Localhost Port 80/443
Jan 18, 2022
CVSS 3.5
EPSS 0.00

CVE-2021-39892 MEDIUM
GitLab CE/EE <12.0 - Info Disclosure
Jan 18, 2022
CVSS 4.3
EPSS 0.00

CVE-2021-39945 LOW
GitLab 9.4.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in Merge Request Approval
Dec 13, 2021
CVSS 2.7
EPSS 0.00

CVE-2021-39944 HIGH
GitLab 11.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Privilege Escalation via Project Import
Dec 13, 2021
CVSS 7.1
EPSS 0.00

CVE-2021-39941 LOW
GitLab 12.0-14.3.6, 14.4-14.4.4, 14.5-14.5.2 - Unauthenticated Exposure of Sensitive Information via Default Branch Name
Dec 13, 2021
CVSS 3.7
EPSS 0.00

CVE-2021-39940 MEDIUM
GitLab 13.2-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Regular Expression Denial of Service in Maven Package Registry
Dec 13, 2021
CVSS 4.3
EPSS 0.00

CVE-2021-39939 MEDIUM
GitLab Runner 13.7-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Uncontrolled Resource Consumption via Crafted Docker Image
Dec 13, 2021
CVSS 6.5
EPSS 0.00

CVE-2021-39938 LOW
GitLab 8.15.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Denial of Service via Deploy Slash Command Regex
Dec 13, 2021
CVSS 3.1
EPSS 0.00