gitlab

1,423 tracked vulnerabilities.

CVE-2021-39947 MEDIUM
GitLab Runner <14.5.2 - Buffer Overflow
Jun 06, 2022
CVSS 5.3
EPSS 0.01
CVE-2021-39908 MEDIUM
GitLab 0.8.0-14.2.5, 14.3.0-14.3.3, 14.4.0 - Code Injection via Unicode Character Obfuscation
Apr 01, 2022
CVSS 6.5
EPSS 0.01
CVE-2021-4191 MEDIUM NUCLEI
GitLab GraphQL API User Enumeration
Mar 28, 2022
CVSS 5.3
EPSS 0.80
CVE-2021-39876 MEDIUM
GitLab 11.3-14.1.7 - Unauthenticated Information Disclosure via Assignee Auto-Complete Endpoint
Mar 28, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-39943 MEDIUM
GitLab 14.1.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in External Status Check API
Feb 09, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-39946 HIGH
GitLab 14.3-14.3.6, 14.4-14.4.4, 14.5-14.5.2 - Cross-Site Scripting via Emoji HTML Generation
Jan 18, 2022
CVSS 8.7
EPSS 0.01
CVE-2021-39942 MEDIUM
GitLab 12.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via NPM Package Repository File Size Limit Bypass
Jan 18, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-39927 LOW
GitLab 8.4-14.4.4, 14.5.0-14.5.2, 14.6.0-14.6.1 - Server-Side Request Forgery via Localhost Port 80/443
Jan 18, 2022
CVSS 3.5
EPSS 0.01
CVE-2021-39892 MEDIUM
GitLab CE/EE <12.0 - Info Disclosure
Jan 18, 2022
CVSS 4.3
EPSS 0.01
CVE-2021-39945 LOW
GitLab 9.4.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in Merge Request Approval
Dec 13, 2021
CVSS 2.7
EPSS 0.01
CVE-2021-39944 HIGH
GitLab 11.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Privilege Escalation via Project Import
Dec 13, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-39941 LOW
GitLab 12.0-14.3.6, 14.4-14.4.4, 14.5-14.5.2 - Unauthenticated Exposure of Sensitive Information via Default Branch Name
Dec 13, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-39940 MEDIUM
GitLab 13.2-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Regular Expression Denial of Service in Maven Package Registry
Dec 13, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39939 MEDIUM
GitLab Runner 13.7-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Uncontrolled Resource Consumption via Crafted Docker Image
Dec 13, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39938 LOW
GitLab 8.15.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Denial of Service via Deploy Slash Command Regex
Dec 13, 2021
CVSS 3.1
EPSS 0.01
CVE-2021-39937 MEDIUM
GitLab < 14.3.6, 14.4-14.4.4, 14.5-14.5.2 - Improper Privilege Management via Access Memoization Collision
Dec 13, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-39936 LOW
GitLab 10.7-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Incorrect Authorization via Deploy Token
Dec 13, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-39935 MEDIUM KEV
GitLab 10.5-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthenticated Server-Side Request Forgery via CI Lint API
Dec 13, 2021
CVSS 6.8
EPSS 0.36
CVE-2021-39934 MEDIUM
GitLab 12.10-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthorized Service Desk Email Address Disclosure
Dec 13, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39933 MEDIUM
GitLab 12.10-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Inefficient Regular Expression
Dec 13, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39932 MEDIUM
GitLab 11.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Diff Feature
Dec 13, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39931 LOW
GitLab CE/EE <14.3.6-14.5.2 - Info Disclosure
Dec 13, 2021
CVSS 3.1
EPSS 0.01
CVE-2021-39930 MEDIUM
GitLab EE 12.4-14.3.6 14.4.0-14.4.4 14.5.0-14.5.2 - Unauthenticated Custom Project and Group Template Access
Dec 13, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39919 MEDIUM
GitLab 14.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Weak Password Recovery Mechanism via Token Logging
Dec 13, 2021
CVSS 4.4
EPSS 0.00
CVE-2021-39918 LOW
GitLab 11.1.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in Vulnerability Comment Feature
Dec 13, 2021
CVSS 3.1
EPSS 0.01