gitlab
1,423 tracked vulnerabilities.
CVE-2020-26407
MEDIUM
GitLab 12.4-13.4.6, 13.5-13.5.4, 13.6-13.6.1 - Stored Cross-Site Scripting via Malicious Project Import
Dec 10, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-13359
HIGH
GitLab 12.10-13.2.9 13.4-13.4.4 13.5-13.5.1 - Authenticated Terraform State Overwrite via Delete Operation
Nov 19, 2020
CVSS 7.6
EPSS 0.01
CVE-2020-13356
HIGH
GitLab CE/EE >=8.8.9,<13.3.9 - Auth Bypass
Nov 19, 2020
CVSS 8.2
EPSS 0.02
CVE-2020-13355
HIGH
GitLab CE/EE >=8.14,<13.3.9,>=13.4,<13.4.5,>=13.5,<13.5.2 - Path Tr...
Nov 19, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-26405
HIGH
GitLab 12.8-13.2.9 13.4-13.4.4 13.5-13.5.1 - Path Traversal and Arbitrary File Write via Package Upload
Nov 17, 2020
CVSS 7.1
EPSS 0.01
CVE-2020-13349
MEDIUM
GitLab 8.12.0-13.3.8, 13.4.0-13.4.4, 13.5.0-13.5.1 - Denial of Service via Advanced Search Regex
Nov 17, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-13348
MEDIUM
GitLab EE -<13.3.9,-13.4.5,-13.5.2 - Privilege Escalation
Nov 17, 2020
CVSS 5.7
EPSS 0.01
CVE-2020-13351
MEDIUM
GitLab CE/EE 13.0-13.3.9,13.4.0-13.4.5,13.5.0-13.5.2 - Info Disclosure
Nov 17, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-13350
LOW
GitLab CE/EE >=13.5.0,<13.5.2,>=13.4.0,<13.4.5,<13.3.9 - CSRF
Nov 17, 2020
CVSS 3.1
EPSS 0.01
CVE-2020-26406
MEDIUM
GitLab 13.3-13.3.8, 13.4-13.4.4, 13.5-13.5.1 - Unauthorized SAST CiConfiguration Information Disclosure via GraphQL
Nov 17, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-13358
MEDIUM
GitLab CE/EE 13.3-13.4.5, 13.3-13.3.9, 13.5-13.5.2 - Unauthorized A...
Nov 17, 2020
CVSS 4.7
EPSS 0.00
CVE-2020-13354
MEDIUM
GitLab 12.6.0-13.3.8 - Denial of Service via Container Registry Name Check
Nov 17, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-13353
LOW
Gitaly 1.79.0-13.3.9 - Insufficient Session Expiration via URL Repository Import
Nov 17, 2020
CVSS 2.5
EPSS 0.00
CVE-2020-13352
LOW
GitLab CE/EE >=10.2,<13.3.9,>=13.4,<13.4.5,>=13.5,<13.5.2 - Info Di...
Nov 17, 2020
CVSS 3.7
EPSS 0.01
CVE-2020-13327
MEDIUM
GitLab Runner <13.4.2-<13.3.7-<13.2.10 - Info Disclosure
Oct 22, 2020
CVSS 6.0
EPSS 0.01
CVE-2020-13341
MEDIUM
GitLab <13.2.10-13.4.2 - Privilege Escalation
Oct 12, 2020
CVSS 4.9
EPSS 0.01
CVE-2020-13344
MEDIUM
GitLab <13.2.10-13.4.2 - Info Disclosure
Oct 08, 2020
CVSS 5.7
EPSS 0.00
CVE-2020-13340
HIGH
GitLab < 13.2.10, 13.3.7, 13.4.2 - Stored Cross-Site Scripting in CI Job Log
Oct 08, 2020
CVSS 8.7
EPSS 0.69
CVE-2020-13339
MEDIUM
GitLab < 13.2.10 - Stored Cross-Site Scripting in SVG File Preview
Oct 08, 2020
CVSS 5.5
EPSS 0.01
CVE-2020-13342
LOW
GitLab <13.2.10-13.4.2 - Info Disclosure
Oct 07, 2020
CVSS 2.7
EPSS 0.01
CVE-2020-13347
CRITICAL
Gitlab Runner <13.2.4-13.4.1 - Command Injection
Oct 07, 2020
CVSS 9.1
EPSS 0.02
CVE-2020-13346
MEDIUM
GitLab <13.2.10-13.4.2 - Info Disclosure
Oct 07, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-13335
MEDIUM
GitLab >=7.12 - Privilege Escalation
Oct 07, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-13334
MEDIUM
GitLab <13.2.10-13.4.2 - Info Disclosure
Oct 07, 2020
CVSS 5.9
EPSS 0.02
CVE-2020-13345
MEDIUM
GitLab 10.8.0-13.2.9 - Reflected Cross-Site Scripting on Multiple Routes
Oct 06, 2020
CVSS 5.5
EPSS 0.01