gitlab

1,383 tracked vulnerabilities.

CVE-2021-22242 HIGH
GitLab 11.4.0-13.12.8 - Stored Cross-Site Scripting via Mermaid Markdown
Aug 25, 2021
CVSS 8.7
EPSS 0.02
CVE-2021-22237 MEDIUM
GitLab <13.12.9, <14.0.7, <14.1.2 - Info Disclosure
Aug 25, 2021
CVSS 6.6
EPSS 0.00
CVE-2021-22236 MEDIUM
GitLab 14.1.0-14.1.1 - Incorrect Authorization via OAuth Client ID Handling
Aug 25, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-22253 MEDIUM
GitLab EE 13.4.0-13.12.8 - Improper Authorization in Deployment Access Control
Aug 23, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-22252 MEDIUM
GitLab CE/EE <13.7 - Info Disclosure
Aug 23, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-22251 MEDIUM
GitLab 12.2.0-13.12.8 - Incorrect Authorization via Email Domain Validation Bypass
Aug 23, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-22249 MEDIUM
GitLab 12.2.0-13.12.8 - Private Email Address Disclosure via Verbose Error Message
Aug 23, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-22248 MEDIUM
GitLab CE/EE <13.12 - Info Disclosure
Aug 23, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-22254 LOW
GitLab <14.1.2-14.0.7-13.12.9 - Privilege Escalation
Aug 20, 2021
CVSS 3.1
EPSS 0.00
CVE-2021-22246 HIGH
GitLab < 13.11.6 - Denial of Service via Webhook Feature
Aug 20, 2021
CVSS 7.7
EPSS 0.00
CVE-2021-22238 MEDIUM
GitLab 13.3.0-13.12.8 - Stored Cross-Site Scripting via Design Feature in Issues
Aug 20, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-22234 CRITICAL
GitLab 13.11-13.11.6, 13.12-13.12.7, 14.0-14.0.3 - Arbitrary File Read via Design Image
Aug 05, 2021
CVSS 9.6
EPSS 0.00
CVE-2021-22241 HIGH
GitLab 14.0.0-14.0.6 - Stored Cross-Site Scripting via Default Branch Name
Aug 05, 2021
CVSS 8.7
EPSS 0.00
CVE-2021-22240 MEDIUM
GitLab 13.7.0-13.11.6 - Incorrect Authorization via Single Sign-On User Creation
Aug 05, 2021
CVSS 4.2
EPSS 0.00
CVE-2021-22233 MEDIUM
GitLab 13.10.0-13.11.6 - Unauthenticated Information Disclosure via Project Details
Jul 07, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-22225 MEDIUM
GitLab 13.11.3-13.11.5 - Stored Cross-Site Scripting via Markdown
Jul 07, 2021
CVSS 4.7
EPSS 0.00
CVE-2021-22224 HIGH
GitLab 13.12.0-13.12.5 - Cross-Site Request Forgery via GraphQL API
Jul 07, 2021
CVSS 7.1
EPSS 0.00
CVE-2021-22231 LOW
GitLab 8.0.0-13.11.5 - Denial of Service via Crafted Username
Jul 07, 2021
CVSS 3.5
EPSS 0.00
CVE-2021-22230 MEDIUM
GitLab CE/EE <14.0.2 - Code Injection
Jul 07, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-22227 MEDIUM
GitLab < 13.11.6 - Reflected Cross-Site Scripting
Jul 07, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-22228 MEDIUM
GitLab <13.11.6, <13.12.6, <14.0.2 - Info Disclosure
Jul 06, 2021
CVSS 6.5
EPSS 0.00
CVE-2021-22223 MEDIUM
GitLab 13.9.0-13.11.5 - Cross-Site Scripting via Feature Flag Name
Jul 06, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-22232 LOW
GitLab 9.5.0-13.11.5 - HTML Injection via Full Name Field
Jul 06, 2021
CVSS 3.5
EPSS 0.00
CVE-2021-22229 MEDIUM
GitLab CE/EE <12.8 - Info Disclosure
Jul 06, 2021
CVSS 5.9
EPSS 0.00
CVE-2021-22226 MEDIUM
GitLab CE/EE <13.9 - Info Disclosure
Jul 06, 2021
CVSS 6.5
EPSS 0.00
Products
gitlab 1,368 GitLab 110 gitlab-shell 5 dynamic_application_security_testing_analyzer 4 runner 3 gitlab-vscode-extension 2 GitLab AI Gateway 1 dast_api_scanner 1 gitaly 1 gitlab_runner 1 language_server 1 omnibus 1
Quick Filters
Critical CVEs With Exploits In CISA KEV