gitlab
1,383 tracked vulnerabilities.
CVE-2018-19574
MEDIUM
GitLab 7.6-11.3.10, 11.4-11.4.7, 11.5 - Cross-Site Scripting in OAuth Authorization Page
Jul 10, 2019
CVSS 5.4
EPSS 0.00
CVE-2018-19573
MEDIUM
GitLab 10.3-11.x < 11.3.11, 11.4 < 11.4.8, 11.5 < 11.5.1 - Stored Cross-Site Scripting via Mermaid Markdown Renderer
Jul 10, 2019
CVSS 5.4
EPSS 0.00
CVE-2018-19572
MEDIUM
GitLab CE/EE 8.17+ - Unauthorized Access
Jul 10, 2019
CVSS 5.9
EPSS 0.00
CVE-2018-19570
MEDIUM
GitLab 11.3-11.3.10, 11.4-11.4.7, 11.5 - Cross-Site Scripting via Unrecognized HTML Tags in Markdown Fields
Jul 10, 2019
CVSS 5.4
EPSS 0.00
CVE-2018-19569
HIGH
GitLab CE/EE <11.3.11, <11.4.8, <11.5.1 - Auth Bypass
Jul 10, 2019
CVSS 8.8
EPSS 0.00
CVE-2018-19577
MEDIUM
GitLab CE/EE <11.3.11-11.5.1 - Info Disclosure
Jul 10, 2019
CVSS 5.3
EPSS 0.00
CVE-2018-19496
MEDIUM
GitLab <11.3.11-11.5.1 - Privilege Escalation
Jul 10, 2019
CVSS 6.5
EPSS 0.00
CVE-2018-19495
MEDIUM
GitLab < 11.3.11, 11.4.x < 11.4.8, 11.5.x < 11.5.1 - Server-Side Request Forgery via Prometheus Integration
Jul 10, 2019
CVSS 6.5
EPSS 0.00
CVE-2018-19494
MEDIUM
GitLab <11.3.11-11.5.1 - Info Disclosure
Jul 10, 2019
CVSS 4.3
EPSS 0.00
CVE-2018-19493
MEDIUM
GitLab 11.x < 11.3.11, 11.4.x < 11.4.8, 11.5.x < 11.5.1 - Stored Cross-Site Scripting in Environment Pages
Jul 10, 2019
CVSS 6.1
EPSS 0.00
CVE-2018-20500
HIGH
GitLab 9.4.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Insecure Runner Registration Token Permissions
May 17, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-19585
HIGH
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
May 17, 2019
CVSS 7.5
EPSS 0.12
CVE-2018-19359
HIGH
GitLab <11.5.0-rc12, 11.4.6, 11.3.10 - Info Disclosure
Apr 25, 2019
CVSS 8.8
EPSS 0.00
CVE-2018-18643
MEDIUM
GitLab 11.2-11.4.6 - Stored Cross-Site Scripting
Apr 25, 2019
CVSS 6.1
EPSS 0.00
CVE-2018-20229
HIGH
GitLab <11.3.14-11.5.5 - Path Traversal
Apr 04, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-20144
HIGH
GitLab <11.3.13-11.5.4 - Info Disclosure
Mar 28, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-19856
HIGH
GitLab <11.3.12-11.5.3 - Path Traversal
Mar 26, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-18843
CRITICAL
GitLab 11.0.0-11.2.8 - Server-Side Request Forgery via Kubernetes Integration
Dec 04, 2018
CVSS 10.0
EPSS 0.00
CVE-2018-18648
HIGH
GitLab 11.2.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Information Exposure Through Error Message
Dec 04, 2018
CVSS 7.5
EPSS 0.00
CVE-2018-18647
MEDIUM
GitLab 8.11-11.2.6, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Missing Authorization
Dec 04, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-18646
HIGH
GitLab 5.3-11.2.6, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Server-Side Request Forgery
Dec 04, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-18645
MEDIUM
GitLab < 11.2.7, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Information Exposure via Unsubscribe Links in Email Replies
Dec 04, 2018
CVSS 4.3
EPSS 0.00
CVE-2018-18644
MEDIUM
GitLab 11.x < 11.2.7, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Information Exposure via Prometheus Integration
Dec 04, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-18642
MEDIUM
GitLab 10.4.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Cross-Site Scripting
Dec 04, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-18641
CRITICAL
GitLab 8.10.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Cleartext Storage of Sensitive Information
Dec 04, 2018
CVSS 9.8
EPSS 0.00