gitlab
1,423 tracked vulnerabilities.
CVE-2021-22215
HIGH
GitLab 13.11.0-13.11.4 - Information Disclosure via On-Call Rotation Data
Jun 08, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22214
MEDIUM
NUCLEI
GitLab 10.5-13.10.4 - Unauthenticated Server-Side Request Forgery via Webhook Internal Network Requests
Jun 08, 2021
CVSS 6.8
EPSS 0.28
CVE-2021-22210
MEDIUM
GitLab 13.2.0-13.9.7 - Allocation of Resources Without Limits or Throttling via API Branch Query
May 06, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-22209
HIGH
GitLab 13.8.0-13.9.6 - Incorrect Authorization via GraphQL Mutation
May 06, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22208
MEDIUM
GitLab 13.5.0-13.9.7 - Unauthenticated Issue Timestamp Manipulation
May 06, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22206
MEDIUM
GitLab 11.6.0-13.9.6 - Cleartext Storage of Sensitive Information in Pull Mirror Credentials
May 06, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-22211
LOW
GitLab 13.7.0-13.9.6 - Incorrect Authorization via Dependency Proxy
May 06, 2021
CVSS 3.1
EPSS 0.01
CVE-2021-22205
CRITICAL
KEVNUCLEI
GitLab 11.9.0-13.8.7 - Unauthenticated Remote Code Execution via ExifTool Image Parsing
Apr 23, 2021
CVSS 10.0
EPSS 1.00
CVE-2021-22199
LOW
GitLab 12.9-13.8.6 - Stored Cross-Site Scripting via Scoped Labels
Apr 22, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-22190
HIGH
GitLab 13.7.0-13.7.8 - Path Traversal via GitLab Workhorse
Apr 12, 2021
CVSS 8.5
EPSS 0.01
CVE-2021-22203
HIGH
GitLab CE/EE <13.8.7/<13.9.5/<13.10.1 - Info Disclosure
Apr 02, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-22202
LOW
GitLab < 13.10.0 - Cross-Site Request Forgery via System Hooks API
Apr 02, 2021
CVSS 2.4
EPSS 0.00
CVE-2021-22201
CRITICAL
GitLab CE/EE <13.9 - Info Disclosure
Apr 02, 2021
CVSS 9.6
EPSS 0.03
CVE-2021-22200
MEDIUM
GitLab CE/EE <12.6 - Info Disclosure
Apr 02, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-22198
MEDIUM
GitLab CE/EE >=13.8 - Privilege Escalation
Apr 02, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22197
LOW
GitLab 10.6.0-13.8.6 - Authenticated Denial of Service via Merge Request Infinite Loop
Apr 02, 2021
CVSS 3.5
EPSS 0.01
CVE-2021-22196
MEDIUM
GitLab 13.4.0-13.8.6 - Stored Cross-Site Scripting via Merge Request Branch Name
Apr 02, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-22195
HIGH
GitLab VSCode Extension < 3.15.0 - Client-Side Code Execution via Uncontrolled Search Path Element
Apr 01, 2021
CVSS 8.6
EPSS 0.01
CVE-2021-22177
MEDIUM
GitLab 12.6.0-13.6.6 - Denial of Service via gitlab-shell Command
Apr 01, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22194
MEDIUM
GitLab - Cleartext Storage of Sensitive Information in Redis
Mar 26, 2021
CVSS 5.7
EPSS 0.00
CVE-2021-22184
MEDIUM
GitLab 12.8.0-13.6.5 - Sensitive Information Disclosure in Server Logs
Mar 26, 2021
CVSS 6.2
EPSS 0.00
CVE-2021-22180
MEDIUM
GitLab 13.4-13.6.7 - Unauthenticated Direct Request Access to Analytic Pages
Mar 26, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22172
MEDIUM
GitLab 12.8.0-13.6.5 - Unauthenticated Exposure of Sensitive Tag Data via Releases Page
Mar 26, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22169
MEDIUM
GitLab 13.4.0-13.5.5 - Internal IP Address Exposure via Error Message
Mar 24, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-22193
LOW
GitLab 7.1.0-13.6.5 - Information Disclosure via Private Project Name Validation
Mar 24, 2021
CVSS 3.5
EPSS 0.01