GitLab
1,383 tracked vulnerabilities.
CVE-2019-15576
HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Unauthenticated Information Disclosure via GraphQL Endpoint
Dec 18, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-15575
HIGH
GitLab <12.3.2, <12.2.6, <12.1.12 - Command Injection via API Blobs Scope
Dec 18, 2019
CVSS 7.5
EPSS 0.03
CVE-2019-18456
MEDIUM
GitLab 8.17.0-12.4.0 - Insecure Permissions in Elasticsearch Search Feature
Nov 26, 2019
CVSS 5.3
EPSS 0.00
CVE-2019-18455
HIGH
GitLab 11.0.0-12.4.0 - Denial of Service via Nested GraphQL Query Loop
Nov 26, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-18454
MEDIUM
GitLab 10.5-12.4 - Cross-Site Scripting in RDoc Wiki Page Link Validation
Nov 26, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-18453
MEDIUM
GitLab 11.6-12.4 - Insecure Permission Assignment in Email Comment Feature
Nov 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-18452
MEDIUM
GitLab CE/EE <12.5 - Info Disclosure
Nov 26, 2019
CVSS 5.3
EPSS 0.00
CVE-2019-18451
MEDIUM
GitLab 10.7.4-12.4 - Open Redirect via InternalRedirect Filtering
Nov 26, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-18450
MEDIUM
GitLab < 12.4.0 - Insecure Permissions in Project Labels
Nov 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-18449
MEDIUM
GitLab < 12.4.0 - Insecure Permissions in Autocomplete Feature
Nov 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-18448
MEDIUM
GitLab < 12.4.0 - Incorrect Access Control
Nov 26, 2019
CVSS 6.5
EPSS 0.00
CVE-2019-18447
MEDIUM
GitLab < 12.4.0 - Insecure Permission Assignment
Nov 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-18446
MEDIUM
GitLab 8.15.0-12.4.0 - Insecure Permission Assignment
Nov 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-18459
MEDIUM
GitLab CE/EE 11.3-12.3 - Info Disclosure
Nov 26, 2019
CVSS 5.3
EPSS 0.00
CVE-2019-18458
LOW
GitLab 10.5.0-12.4.0 - Insecure Permission Preservation
Nov 26, 2019
CVSS 2.7
EPSS 0.00
CVE-2019-18457
HIGH
GitLab 11.8.0-12.4.0 - Insecure Permissions in Security Token Handling
Nov 26, 2019
CVSS 8.8
EPSS 0.00
CVE-2019-18463
MEDIUM
GitLab < 12.4.0 - Insecure Permissions
Nov 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-18462
MEDIUM
GitLab 11.3-12.4 - Insecure Permission Assignment
Nov 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-18461
MEDIUM
GitLab 11.3.0-12.3.0 - Incorrect Access Control
Nov 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-18460
HIGH
GitLab 8.15-12.4 - Exposure of Sensitive Information via Comments Search Elasticsearch Integration
Nov 26, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-15593
MEDIUM
GitLab 12.2.3 - Denial of Service via Issue Comments
Nov 22, 2019
CVSS 6.5
EPSS 0.00
CVE-2019-15729
HIGH
GitLab 8.18-12.2.1 - Information Disclosure via Merge Request Pipeline Endpoint
Sep 17, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-15741
CRITICAL
GitLab Omnibus 7.4-12.2.1 - Privilege Escalation via Logrotate Interaction
Sep 16, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-15740
MEDIUM
GitLab 7.9.0-12.2.1 - Exposure of Sensitive Information via EXIF Geolocation Data
Sep 16, 2019
CVSS 5.3
EPSS 0.00
CVE-2019-15739
MEDIUM
GitLab 8.1-12.2.1 - Stored Cross-Site Scripting in Markdown Renderer
Sep 16, 2019
CVSS 6.1
EPSS 0.00