gitlab
1,423 tracked vulnerabilities.
CVE-2020-13266
MEDIUM
GitLab CE/EE <13.0.1 - Privilege Escalation
Jun 09, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-12448
MEDIUM
GitLab 12.8.0-12.8.9 - Unauthenticated Sensitive Information Exposure via NuGet
May 07, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-12277
MEDIUM
GitLab 10.8-12.9 - Unauthenticated Repository Mirroring via Unauthorized Feature Access
Apr 29, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-12276
MEDIUM
GitLab 9.5.9-12.9 - Stored Cross-Site Scripting in Admin Notification Feature
Apr 29, 2020
CVSS 4.8
EPSS 0.01
CVE-2020-12275
MEDIUM
GitLab 12.6-12.9 - Unauthenticated Privilege Escalation via Personal Snippet API
Apr 29, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-11649
MEDIUM
GitLab 8.15-12.9.2 - Missing Authentication for Critical Function
Apr 22, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-11506
HIGH
GitLab 10.7.0-12.9.2 - Exposure of Sensitive Information via Workhorse Request Smuggling
Apr 22, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-11505
HIGH
GitLab < 12.7.9, 12.8.x < 12.8.9, 12.9.x < 12.9.3 - Exposure of Sensitive Information via Workhorse Request Smuggling
Apr 22, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-10981
MEDIUM
GitLab EE/CE <12.9 - Info Disclosure
Apr 08, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-10980
CRITICAL
GitLab 8.0.0-12.9 - Server-Side Request Forgery via FogBugz Integration
Apr 08, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-10979
MEDIUM
GitLab EE/CE <12.9 - Info Disclosure
Apr 08, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-10978
MEDIUM
GitLab EE/CE 8.11-12.9 - Info Disclosure
Apr 08, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-10977
MEDIUM
GitLab EE/CE <12.9 - Path Traversal
Apr 08, 2020
CVSS 5.5
EPSS 0.43
CVE-2020-10976
HIGH
GitLab EE/CE <12.9 - Info Disclosure
Apr 08, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-10975
MEDIUM
GitLab EE/CE 10.8-12.9 - Info Disclosure
Apr 08, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-10956
CRITICAL
GitLab 8.10-12.9 - Server-Side Request Forgery via Project Import Note Feature
Mar 27, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-10955
MEDIUM
GitLab EE/CE <12.9 - Info Disclosure
Mar 27, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-10954
HIGH
GitLab < 12.9 - Denial of Service via Repository Archive Download
Mar 27, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-10953
HIGH
GitLab 11.7.0-12.9 - Path Traversal via NPM Feature
Mar 27, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-10952
MEDIUM
GitLab EE/CE <12.9.1 - Info Disclosure
Mar 27, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-10077
CRITICAL
GitLab 3.0.0-12.8.1 - Server-Side Request Forgery via Deprecated Service
Mar 13, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-10076
MEDIUM
GitLab 12.1-12.8.1 - Stored Cross-Site Scripting in Merge Request Display
Mar 13, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-10075
MEDIUM
GitLab 12.5-12.8.1 - HTML Injection via Error Header
Mar 13, 2020
CVSS 6.1
EPSS 0.01
CVE-2020-10074
CRITICAL
GitLab 10.1-12.8.1 - Incorrect Access Control via Expired Link
Mar 13, 2020
CVSS 9.8
EPSS 0.01
CVE-2020-10073
HIGH
GitLab EE 12.4.2-12.8.1 - Denial of Service via Project Home Page Permissions Check
Mar 13, 2020
CVSS 7.5
EPSS 0.01