gitlab
1,423 tracked vulnerabilities.
CVE-2021-22238
MEDIUM
GitLab 13.3.0-13.12.8 - Stored Cross-Site Scripting via Design Feature in Issues
Aug 20, 2021
CVSS 6.8
EPSS 0.72
CVE-2021-22234
CRITICAL
GitLab 13.11-13.11.6, 13.12-13.12.7, 14.0-14.0.3 - Arbitrary File Read via Design Image
Aug 05, 2021
CVSS 9.6
EPSS 0.01
CVE-2021-22241
HIGH
GitLab 14.0.0-14.0.6 - Stored Cross-Site Scripting via Default Branch Name
Aug 05, 2021
CVSS 8.7
EPSS 0.01
CVE-2021-22240
MEDIUM
GitLab 13.7.0-13.11.6 - Incorrect Authorization via Single Sign-On User Creation
Aug 05, 2021
CVSS 4.2
EPSS 0.01
CVE-2021-22233
MEDIUM
GitLab 13.10.0-13.11.6 - Unauthenticated Information Disclosure via Project Details
Jul 07, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22225
MEDIUM
GitLab 13.11.3-13.11.5 - Stored Cross-Site Scripting via Markdown
Jul 07, 2021
CVSS 4.7
EPSS 0.01
CVE-2021-22224
HIGH
GitLab 13.12.0-13.12.5 - Cross-Site Request Forgery via GraphQL API
Jul 07, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-22231
LOW
GitLab 8.0.0-13.11.5 - Denial of Service via Crafted Username
Jul 07, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-22230
MEDIUM
GitLab CE/EE <14.0.2 - Code Injection
Jul 07, 2021
CVSS 4.9
EPSS 0.01
CVE-2021-22227
MEDIUM
GitLab < 13.11.6 - Reflected Cross-Site Scripting
Jul 07, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22228
MEDIUM
GitLab <13.11.6, <13.12.6, <14.0.2 - Info Disclosure
Jul 06, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22223
MEDIUM
GitLab 13.9.0-13.11.5 - Cross-Site Scripting via Feature Flag Name
Jul 06, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22232
LOW
GitLab 9.5.0-13.11.5 - HTML Injection via Full Name Field
Jul 06, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-22229
MEDIUM
GitLab CE/EE <12.8 - Info Disclosure
Jul 06, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-22226
MEDIUM
GitLab CE/EE <13.9 - Info Disclosure
Jul 06, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-32823
LOW
bindata < 2.4.10 - Denial of Service via Slow Bit Class Creation
Jun 24, 2021
CVSS 3.7
EPSS 0.02
CVE-2021-22181
HIGH
GitLab 11.8.0-13.10.4 - Denial of Service via Recursive Pipeline Relationship
Jun 11, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-22175
MEDIUM
KEVNUCLEI
GitLab 10.5.0-13.6.6 - Unauthenticated Server-Side Request Forgery via Webhook Internal Network Requests
Jun 11, 2021
CVSS 6.8
EPSS 0.53
CVE-2021-22220
MEDIUM
GitLab 13.10-13.10.5 - Stored Cross-Site Scripting in Blob Viewer of Notebooks
Jun 08, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22216
MEDIUM
GitLab < 13.10.5 - Denial of Service via Long Issue or Merge Request Description
Jun 08, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22221
MEDIUM
GitLab 12.9.0-13.10.4, 13.11.0-13.11.4, 13.12.0-13.12.1 - Insufficient Session Expiration
Jun 08, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22219
MEDIUM
GitLab 9.5.0-13.10.4 13.11.0-13.11.4 13.12.0-13.12.1 - Sensitive Information Exposure in Log Files
Jun 08, 2021
CVSS 4.4
EPSS 0.01
CVE-2021-22217
MEDIUM
GitLab < 13.10.5 - Denial of Service via Specially Crafted Issue or Merge Request
Jun 08, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-22213
HIGH
GitLab 7.10.0-13.10.4 - Cross-Site Leak via OAuth Flow
Jun 08, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-22218
LOW
GitLab 12.8-13.10.4, 13.11-13.11.4, 13.12-13.12.1 - Improper Certificate Validation
Jun 08, 2021
CVSS 2.6
EPSS 0.00