gitlab
1,423 tracked vulnerabilities.
CVE-2021-39883
MEDIUM
GitLab 13.11.0-14.1.6, 14.2.0-14.2.4, 14.3.0 - Unauthorized Epic Visibility to Subgroup Members
Oct 04, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39879
LOW
GitLab 7.11.0-14.1.7 - Missing Authentication for Two-Factor Disabling
Oct 04, 2021
CVSS 2.2
EPSS 0.00
CVE-2021-39877
HIGH
GitLab 12.2.0-14.1.6 - Uncontrolled Resource Consumption via Specially Crafted File
Oct 04, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-39874
MEDIUM
GitLab CE/EE <11.0 - Info Disclosure
Oct 04, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39873
MEDIUM
GitLab - Content Spoofing via Error Response
Oct 04, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39871
MEDIUM
GitLab 13.0-14.1.7 - Bitbucket Server Import Restriction Bypass via Crafted API Call
Oct 04, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-39868
MEDIUM
GitLab 8.12.0-14.1.7 - Authenticated Unlimited Repository Size Assignment via Project Export
Oct 04, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22259
MEDIUM
GitLab 12.6.0-14.1.6 - Denial of Service via Dependencies API
Oct 04, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22239
MEDIUM
GitLab 14.0.0-14.0.7 - Unauthenticated Metadata Injection in Issue Creation
Sep 09, 2021
CVSS 5.0
EPSS 0.01
CVE-2021-22256
MEDIUM
GitLab 12.6.0-13.12.8 - Unauthenticated Issue Creation for Sentry Errors
Aug 25, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-22250
MEDIUM
GitLab CE/EE <13.3 - Info Disclosure
Aug 25, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-22247
MEDIUM
GitLab 13.0.0-13.12.9 - Incorrect Authorization for CI/CD Analytics
Aug 25, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22245
LOW
GitLab < 13.12.9 - Denial of Service via Improper Commit Author Validation
Aug 25, 2021
CVSS 2.7
EPSS 0.01
CVE-2021-22244
LOW
GitLab 13.1.0-13.12.9 - Unauthenticated Improper Authorization in Vulnerability Report Feature
Aug 25, 2021
CVSS 3.1
EPSS 0.01
CVE-2021-22243
MEDIUM
GitLab 7.10.0-13.12.8 - Incorrect Authorization via Invite URL
Aug 25, 2021
CVSS 5.0
EPSS 0.01
CVE-2021-22242
HIGH
GitLab 11.4.0-13.12.8 - Stored Cross-Site Scripting via Mermaid Markdown
Aug 25, 2021
CVSS 8.7
EPSS 0.64
CVE-2021-22237
MEDIUM
GitLab <13.12.9, <14.0.7, <14.1.2 - Info Disclosure
Aug 25, 2021
CVSS 6.6
EPSS 0.01
CVE-2021-22236
MEDIUM
GitLab 14.1.0-14.1.1 - Incorrect Authorization via OAuth Client ID Handling
Aug 25, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-22253
MEDIUM
GitLab EE 13.4.0-13.12.8 - Improper Authorization in Deployment Access Control
Aug 23, 2021
CVSS 4.9
EPSS 0.01
CVE-2021-22252
MEDIUM
GitLab CE/EE <13.7 - Info Disclosure
Aug 23, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22251
MEDIUM
GitLab 12.2.0-13.12.8 - Incorrect Authorization via Email Domain Validation Bypass
Aug 23, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22249
MEDIUM
GitLab 12.2.0-13.12.8 - Private Email Address Disclosure via Verbose Error Message
Aug 23, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22248
MEDIUM
GitLab CE/EE <13.12 - Info Disclosure
Aug 23, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-22254
LOW
GitLab <14.1.2-14.0.7-13.12.9 - Privilege Escalation
Aug 20, 2021
CVSS 3.1
EPSS 0.01
CVE-2021-22246
HIGH
GitLab < 13.11.6 - Denial of Service via Webhook Feature
Aug 20, 2021
CVSS 7.7
EPSS 0.01