gitlab
1,423 tracked vulnerabilities.
CVE-2021-39917
MEDIUM
GitLab 12.9-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Quick Actions Regex Backtracking
Dec 13, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39916
MEDIUM
GitLab 14.1-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Authenticated External Status Check Configuration Exposure
Dec 13, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39915
MEDIUM
GitLab 13.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthenticated Exposure of Project Access Token Names via GraphQL API
Dec 13, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39910
LOW
GitLab 12.6-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - HTML Injection via Swagger UI
Dec 13, 2021
CVSS 2.6
EPSS 0.01
CVE-2021-39890
LOW
GitLab 14.1.1-14.1.6 - Two-Factor Authentication Bypass via Basic Authentication
Dec 06, 2021
CVSS 3.1
EPSS 0.01
CVE-2021-22170
MEDIUM
GitLab 11.6.0-13.5.5 - Use of a Broken or Risky Cryptographic Algorithm
Dec 06, 2021
CVSS 6.2
EPSS 0.01
CVE-2021-39913
MEDIUM
GitLab < 14.2.6, 14.3 < 14.3.4, 14.4 < 14.4.1 - Sensitive Information Disclosure in Migration Log
Nov 05, 2021
CVSS 4.4
EPSS 0.00
CVE-2021-39912
MEDIUM
GitLab 13.7.0-14.2.5 - Denial of Service via Malformed TIFF Image
Nov 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39911
LOW
GitLab CE/EE <14.2.6-14.4.1 - Info Disclosure
Nov 05, 2021
CVSS 1.7
EPSS 0.01
CVE-2021-39909
MEDIUM
GitLab 11.3.0-14.2.5, 14.3.0-14.3.3, 14.4.0 - CODEOWNERS Approval Bypass via Email Address Verification Lack
Nov 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39907
MEDIUM
GitLab 13.7.0-14.2.5 - Denial of Service via EXIF Data Processing
Nov 05, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-39906
HIGH
GitLab 13.5.0-14.2.5 - Stored Cross-Site Scripting via IPYNB File Upload
Nov 05, 2021
CVSS 8.7
EPSS 0.61
CVE-2021-39905
MEDIUM
GitLab 8.9.6-14.2.5 - Information Disclosure via Public Project Group Sharing
Nov 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39904
MEDIUM
GitLab 13.1-14.2.5, 14.3-14.3.3, 14.4 - Improper Access Control in GraphQL API
Nov 05, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39901
LOW
GitLab CE/EE <11.10 - Info Disclosure
Nov 05, 2021
CVSS 2.7
EPSS 0.01
CVE-2021-39898
LOW
GitLab 10.6.0-14.1.6 - Exposure of Sensitive Information via Project Export
Nov 05, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-39897
LOW
GitLab CE/EE >=10.5 - Info Disclosure
Nov 05, 2021
CVSS 2.6
EPSS 0.01
CVE-2021-39895
MEDIUM
GitLab 8.0.0-14.1.7 - Information Disclosure via Imported Pipeline Schedules
Nov 05, 2021
CVSS 6.0
EPSS 0.01
CVE-2021-22260
HIGH
GitLab 13.7-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Stored Cross-Site Scripting in DataDog Integration
Nov 05, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-39914
LOW
GitLab 8.13-14.2.5 14.3.0-14.3.3 14.4.0 - Regular Expression Denial of Service via Username Provisioning
Nov 04, 2021
CVSS 3.1
EPSS 0.01
CVE-2021-39903
MEDIUM
GitLab CE/EE <13.0 - Privilege Escalation
Nov 04, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39902
MEDIUM
GitLab 13.4-14.2.6 - Incorrect Authorization in Incident Severity Modification
Nov 04, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22263
MEDIUM
GitLab 13.0-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Privilege Escalation via Project Token Abuse
Oct 11, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-39880
MEDIUM
GitLab 11.9-13.12, 14.0-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Denial of Service via Apollo Upload Server Middleware
Oct 05, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39891
MEDIUM
GitLab CE/EE >=8.0 - Info Disclosure
Oct 05, 2021
CVSS 5.9
EPSS 0.01