gitlab
1,423 tracked vulnerabilities.
CVE-2018-20500
HIGH
GitLab 9.4.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Insecure Runner Registration Token Permissions
May 17, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-19585
HIGH
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
May 17, 2019
CVSS 7.5
EPSS 0.15
CVE-2018-19359
HIGH
GitLab <11.5.0-rc12, 11.4.6, 11.3.10 - Info Disclosure
Apr 25, 2019
CVSS 8.8
EPSS 0.02
CVE-2018-18643
MEDIUM
GitLab 11.2-11.4.6 - Stored Cross-Site Scripting
Apr 25, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-20229
HIGH
GitLab <11.3.14-11.5.5 - Path Traversal
Apr 04, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-20144
HIGH
GitLab <11.3.13-11.5.4 - Info Disclosure
Mar 28, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-19856
HIGH
GitLab <11.3.12-11.5.3 - Path Traversal
Mar 26, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-18843
CRITICAL
GitLab 11.0.0-11.2.8 - Server-Side Request Forgery via Kubernetes Integration
Dec 04, 2018
CVSS 10.0
EPSS 0.02
CVE-2018-18648
HIGH
GitLab 11.2.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Information Exposure Through Error Message
Dec 04, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-18647
MEDIUM
GitLab 8.11-11.2.6 11.3.x<11.3.8 11.4.x<11.4.3 - Missing Authorization
Dec 04, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-18646
HIGH
GitLab 5.3-11.2.6, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Server-Side Request Forgery
Dec 04, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-18645
MEDIUM
GitLab < 11.2.7, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Information Exposure via Unsubscribe Links in Email Replies
Dec 04, 2018
CVSS 4.3
EPSS 0.01
CVE-2018-18644
MEDIUM
GitLab 11.x < 11.2.7, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Information Exposure via Prometheus Integration
Dec 04, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-18642
MEDIUM
GitLab 10.4.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Cross-Site Scripting
Dec 04, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-18641
CRITICAL
GitLab 8.10.0-11.2.6 11.3.0-11.3.7 11.4.0-11.4.2 - Cleartext Storage of Sensitive Information
Dec 04, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-18640
MEDIUM
GitLab < 11.2.7, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Information Exposure Through Browser Caching
Dec 04, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-17976
MEDIUM
GitLab 11.0.0-11.1.8 - Information Exposure via Epic Change Descriptions
Dec 04, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-17975
MEDIUM
GitLab 11.x < 11.1.8, 11.2.x < 11.2.5, 11.3.x < 11.3.2 - Information Exposure via GFM Markdown API
Dec 04, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-17939
HIGH
GitLab 11.1.x-11.1.8 11.2.x-11.2.5 11.3.x-11.3.2 - Information Exposure via Merge Request JSON Endpoint
Dec 04, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-18649
CRITICAL
GitLab 11.2.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Remote Code Execution via Wiki API
Nov 29, 2018
CVSS 9.8
EPSS 0.07
CVE-2018-16051
MEDIUM
GitLab 8.10.0-11.0.5, 11.1.0-11.1.4, 11.2.0-11.2.1 - Exposure of Sensitive Information via Orphaned Upload Files
Oct 03, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-16050
MEDIUM
GitLab 11.1.x < 11.1.5 and 11.2.x < 11.2.2 - Stored Cross-Site Scripting in Merge Request Changes View
Oct 03, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-16049
CRITICAL
GitLab 8.10.0-11.0.5, 11.1.0-11.1.4, 11.2.0-11.2.1 - Sensitive Data Disclosure in Sidekiq Logs
Oct 03, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-16048
MEDIUM
GitLab 8.10.0-11.0.5 11.1.0-11.1.4 11.2.0-11.2.1 - Missing Authorization for API Repository Storage
Oct 03, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-12607
MEDIUM
GitLab CE/EE <10.7.6, <10.8.5, <11.0.1 - XSS
Aug 03, 2018
CVSS 5.4
EPSS 0.01