gitlab

1,423 tracked vulnerabilities.

CVE-2021-22238 MEDIUM
GitLab 13.3.0-13.12.8 - Stored Cross-Site Scripting via Design Feature in Issues
Aug 20, 2021
CVSS 6.8
EPSS 0.72
CVE-2021-22234 CRITICAL
GitLab 13.11-13.11.6, 13.12-13.12.7, 14.0-14.0.3 - Arbitrary File Read via Design Image
Aug 05, 2021
CVSS 9.6
EPSS 0.01
CVE-2021-22241 HIGH
GitLab 14.0.0-14.0.6 - Stored Cross-Site Scripting via Default Branch Name
Aug 05, 2021
CVSS 8.7
EPSS 0.01
CVE-2021-22240 MEDIUM
GitLab 13.7.0-13.11.6 - Incorrect Authorization via Single Sign-On User Creation
Aug 05, 2021
CVSS 4.2
EPSS 0.01
CVE-2021-22233 MEDIUM
GitLab 13.10.0-13.11.6 - Unauthenticated Information Disclosure via Project Details
Jul 07, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22225 MEDIUM
GitLab 13.11.3-13.11.5 - Stored Cross-Site Scripting via Markdown
Jul 07, 2021
CVSS 4.7
EPSS 0.01
CVE-2021-22224 HIGH
GitLab 13.12.0-13.12.5 - Cross-Site Request Forgery via GraphQL API
Jul 07, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-22231 LOW
GitLab 8.0.0-13.11.5 - Denial of Service via Crafted Username
Jul 07, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-22230 MEDIUM
GitLab CE/EE <14.0.2 - Code Injection
Jul 07, 2021
CVSS 4.9
EPSS 0.01
CVE-2021-22227 MEDIUM
GitLab < 13.11.6 - Reflected Cross-Site Scripting
Jul 07, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22228 MEDIUM
GitLab <13.11.6, <13.12.6, <14.0.2 - Info Disclosure
Jul 06, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22223 MEDIUM
GitLab 13.9.0-13.11.5 - Cross-Site Scripting via Feature Flag Name
Jul 06, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22232 LOW
GitLab 9.5.0-13.11.5 - HTML Injection via Full Name Field
Jul 06, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-22229 MEDIUM
GitLab CE/EE <12.8 - Info Disclosure
Jul 06, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-22226 MEDIUM
GitLab CE/EE <13.9 - Info Disclosure
Jul 06, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-32823 LOW
bindata < 2.4.10 - Denial of Service via Slow Bit Class Creation
Jun 24, 2021
CVSS 3.7
EPSS 0.02
CVE-2021-22181 HIGH
GitLab 11.8.0-13.10.4 - Denial of Service via Recursive Pipeline Relationship
Jun 11, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-22175 MEDIUM KEVNUCLEI
GitLab 10.5.0-13.6.6 - Unauthenticated Server-Side Request Forgery via Webhook Internal Network Requests
Jun 11, 2021
CVSS 6.8
EPSS 0.53
CVE-2021-22220 MEDIUM
GitLab 13.10-13.10.5 - Stored Cross-Site Scripting in Blob Viewer of Notebooks
Jun 08, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22216 MEDIUM
GitLab < 13.10.5 - Denial of Service via Long Issue or Merge Request Description
Jun 08, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22221 MEDIUM
GitLab 12.9.0-13.10.4, 13.11.0-13.11.4, 13.12.0-13.12.1 - Insufficient Session Expiration
Jun 08, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-22219 MEDIUM
GitLab 9.5.0-13.10.4 13.11.0-13.11.4 13.12.0-13.12.1 - Sensitive Information Exposure in Log Files
Jun 08, 2021
CVSS 4.4
EPSS 0.01
CVE-2021-22217 MEDIUM
GitLab < 13.10.5 - Denial of Service via Specially Crafted Issue or Merge Request
Jun 08, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-22213 HIGH
GitLab 7.10.0-13.10.4 - Cross-Site Leak via OAuth Flow
Jun 08, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-22218 LOW
GitLab 12.8-13.10.4, 13.11-13.11.4, 13.12-13.12.1 - Improper Certificate Validation
Jun 08, 2021
CVSS 2.6
EPSS 0.00