Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / gitlab

gitlab

1,383 tracked vulnerabilities.

CVE-2021-39937 MEDIUM

GitLab < 14.3.6, 14.4-14.4.4, 14.5-14.5.2 - Improper Privilege Management via Access Memoization Collision

CVE-2021-39936 LOW

GitLab 10.7-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Incorrect Authorization via Deploy Token

CVE-2021-39935 MEDIUM KEV

GitLab 10.5-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthenticated Server-Side Request Forgery via CI Lint API

CVE-2021-39934 MEDIUM

GitLab 12.10-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthorized Service Desk Email Address Disclosure

CVE-2021-39933 MEDIUM

GitLab 12.10-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Inefficient Regular Expression

CVE-2021-39932 MEDIUM

GitLab 11.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Diff Feature

CVE-2021-39931 LOW

GitLab CE/EE <14.3.6-14.5.2 - Info Disclosure

CVE-2021-39930 MEDIUM

GitLab EE 12.4-14.3.6 14.4.0-14.4.4 14.5.0-14.5.2 - Unauthenticated Custom Project and Group Template Access

CVE-2021-39919 MEDIUM

GitLab 14.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Weak Password Recovery Mechanism via Token Logging

CVE-2021-39918 LOW

GitLab 11.1.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in Vulnerability Comment Feature

CVE-2021-39917 MEDIUM

GitLab 12.9-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Quick Actions Regex Backtracking

CVE-2021-39916 MEDIUM

GitLab 14.1-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Authenticated External Status Check Configuration Exposure

CVE-2021-39915 MEDIUM

GitLab 13.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthenticated Exposure of Project Access Token Names via GraphQL API

CVE-2021-39910 LOW

GitLab 12.6-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - HTML Injection via Swagger UI

CVE-2021-39890 LOW

GitLab 14.1.1-14.1.6 - Two-Factor Authentication Bypass via Basic Authentication

CVE-2021-22170 MEDIUM

GitLab 11.6.0-13.5.5 - Use of a Broken or Risky Cryptographic Algorithm

CVE-2021-39913 MEDIUM

GitLab < 14.2.6, 14.3 < 14.3.4, 14.4 < 14.4.1 - Sensitive Information Disclosure in Migration Log

CVE-2021-39912 MEDIUM

GitLab 13.7.0-14.2.5 - Denial of Service via Malformed TIFF Image

CVE-2021-39911 LOW

GitLab CE/EE <14.2.6-14.4.1 - Info Disclosure

CVE-2021-39909 MEDIUM

GitLab 11.3.0-14.2.5, 14.3.0-14.3.3, 14.4.0 - CODEOWNERS Approval Bypass via Email Address Verification Lack

CVE-2021-39907 MEDIUM

GitLab 13.7.0-14.2.5 - Denial of Service via EXIF Data Processing

CVE-2021-39906 HIGH

GitLab 13.5.0-14.2.5 - Stored Cross-Site Scripting via IPYNB File Upload

CVE-2021-39905 MEDIUM

GitLab 8.9.6-14.2.5 - Information Disclosure via Public Project Group Sharing

CVE-2021-39904 MEDIUM

GitLab 13.1-14.2.5, 14.3-14.3.3, 14.4 - Improper Access Control in GraphQL API

CVE-2021-39901 LOW

GitLab CE/EE <11.10 - Info Disclosure

Previous Page 31 of 56 Next

Products

gitlab 1,368 GitLab 110 gitlab-shell 5 dynamic_application_security_testing_analyzer 4 runner 3 gitlab-vscode-extension 2 GitLab AI Gateway 1 dast_api_scanner 1 gitaly 1 gitlab_runner 1 language_server 1 omnibus 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy