GitLab

1,383 tracked vulnerabilities.

CVE-2020-10956 CRITICAL
GitLab 8.10-12.9 - Server-Side Request Forgery via Project Import Note Feature
Mar 27, 2020
CVSS 9.8
EPSS 0.00
CVE-2020-10955 MEDIUM
GitLab EE/CE <12.9 - Info Disclosure
Mar 27, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-10954 HIGH
GitLab < 12.9 - Denial of Service via Repository Archive Download
Mar 27, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-10953 HIGH
GitLab 11.7.0-12.9 - Path Traversal via NPM Feature
Mar 27, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-10952 MEDIUM
GitLab EE/CE <12.9.1 - Info Disclosure
Mar 27, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-10077 CRITICAL
GitLab 3.0.0-12.8.1 - Server-Side Request Forgery via Deprecated Service
Mar 13, 2020
CVSS 9.8
EPSS 0.00
CVE-2020-10076 MEDIUM
GitLab 12.1-12.8.1 - Stored Cross-Site Scripting in Merge Request Display
Mar 13, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-10075 MEDIUM
GitLab 12.5-12.8.1 - HTML Injection via Error Header
Mar 13, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-10074 CRITICAL
GitLab 10.1-12.8.1 - Incorrect Access Control via Expired Link
Mar 13, 2020
CVSS 9.8
EPSS 0.00
CVE-2020-10073 HIGH
GitLab EE 12.4.2-12.8.1 - Denial of Service via Project Home Page Permissions Check
Mar 13, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-10092 MEDIUM
GitLab 12.1-12.8.1 - Stored Cross-Site Scripting in Grafana Integration View
Mar 13, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-10091 MEDIUM
GitLab 9.3.0-12.8.1 - Cross-Site Scripting via File Viewer
Mar 13, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-10090 MEDIUM
GitLab 11.7-12.8.1 - Unauthorized Information Disclosure in Group Epic Data
Mar 13, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-10089 HIGH
GitLab 8.11-12.8.1 - Denial of Service via Recursive Feature Requests
Mar 13, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-10088 HIGH
GitLab 12.5-12.8.1 - Insecure Permissions via Group Invitation
Mar 13, 2020
CVSS 8.1
EPSS 0.00
CVE-2020-10087 HIGH
GitLab < 12.8.2 - Information Disclosure via Badge Image Proxy Bypass
Mar 13, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-10086 MEDIUM
GitLab 10.4-12.8.1 - Path Traversal and Arbitrary File Read
Mar 13, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-10085 MEDIUM
GitLab 12.3.5-12.8.1 - Information Disclosure via Merge Request Title Exposure
Mar 13, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-10084 MEDIUM
GitLab 11.6.0-12.8.1 - Information Disclosure via Vulnerability Feedback Endpoint
Mar 13, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-10083 CRITICAL
GitLab 12.7-12.8.1 - Insecure Permissions
Mar 13, 2020
CVSS 9.1
EPSS 0.00
CVE-2020-10082 MEDIUM
GitLab 12.2-12.8.1 - Denial of Service via Public Issue Designs
Mar 13, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-10081 MEDIUM
GitLab < 12.8.2 - Incorrect Access Control in LFS Import Process
Mar 13, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-10080 MEDIUM
GitLab 8.3-12.8.1 - Unauthenticated Information Disclosure via Contribution Analytics Page
Mar 13, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-10079 MEDIUM
GitLab 7.10.0-12.8.1 - Missing Authentication for Critical Function
Mar 13, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-10078 MEDIUM
GitLab 12.1-12.8.1 - Stored Cross-Site Scripting in Merge Request Submission Form
Mar 13, 2020
CVSS 6.1
EPSS 0.00