gitlab

1,423 tracked vulnerabilities.

CVE-2018-20500 HIGH
GitLab 9.4.0-11.4.12, 11.5.0-11.5.5, 11.6.0 - Insecure Runner Registration Token Permissions
May 17, 2019
CVSS 7.5
EPSS 0.01
CVE-2018-19585 HIGH
GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection
May 17, 2019
CVSS 7.5
EPSS 0.15
CVE-2018-19359 HIGH
GitLab <11.5.0-rc12, 11.4.6, 11.3.10 - Info Disclosure
Apr 25, 2019
CVSS 8.8
EPSS 0.02
CVE-2018-18643 MEDIUM
GitLab 11.2-11.4.6 - Stored Cross-Site Scripting
Apr 25, 2019
CVSS 6.1
EPSS 0.01
CVE-2018-20229 HIGH
GitLab <11.3.14-11.5.5 - Path Traversal
Apr 04, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-20144 HIGH
GitLab <11.3.13-11.5.4 - Info Disclosure
Mar 28, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-19856 HIGH
GitLab <11.3.12-11.5.3 - Path Traversal
Mar 26, 2019
CVSS 7.5
EPSS 0.02
CVE-2018-18843 CRITICAL
GitLab 11.0.0-11.2.8 - Server-Side Request Forgery via Kubernetes Integration
Dec 04, 2018
CVSS 10.0
EPSS 0.02
CVE-2018-18648 HIGH
GitLab 11.2.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Information Exposure Through Error Message
Dec 04, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-18647 MEDIUM
GitLab 8.11-11.2.6 11.3.x<11.3.8 11.4.x<11.4.3 - Missing Authorization
Dec 04, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-18646 HIGH
GitLab 5.3-11.2.6, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Server-Side Request Forgery
Dec 04, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-18645 MEDIUM
GitLab < 11.2.7, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Information Exposure via Unsubscribe Links in Email Replies
Dec 04, 2018
CVSS 4.3
EPSS 0.01
CVE-2018-18644 MEDIUM
GitLab 11.x < 11.2.7, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Information Exposure via Prometheus Integration
Dec 04, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-18642 MEDIUM
GitLab 10.4.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Cross-Site Scripting
Dec 04, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-18641 CRITICAL
GitLab 8.10.0-11.2.6 11.3.0-11.3.7 11.4.0-11.4.2 - Cleartext Storage of Sensitive Information
Dec 04, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-18640 MEDIUM
GitLab < 11.2.7, 11.3.x < 11.3.8, 11.4.x < 11.4.3 - Information Exposure Through Browser Caching
Dec 04, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-17976 MEDIUM
GitLab 11.0.0-11.1.8 - Information Exposure via Epic Change Descriptions
Dec 04, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-17975 MEDIUM
GitLab 11.x < 11.1.8, 11.2.x < 11.2.5, 11.3.x < 11.3.2 - Information Exposure via GFM Markdown API
Dec 04, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-17939 HIGH
GitLab 11.1.x-11.1.8 11.2.x-11.2.5 11.3.x-11.3.2 - Information Exposure via Merge Request JSON Endpoint
Dec 04, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-18649 CRITICAL
GitLab 11.2.0-11.2.6, 11.3.0-11.3.7, 11.4.0-11.4.2 - Remote Code Execution via Wiki API
Nov 29, 2018
CVSS 9.8
EPSS 0.07
CVE-2018-16051 MEDIUM
GitLab 8.10.0-11.0.5, 11.1.0-11.1.4, 11.2.0-11.2.1 - Exposure of Sensitive Information via Orphaned Upload Files
Oct 03, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-16050 MEDIUM
GitLab 11.1.x < 11.1.5 and 11.2.x < 11.2.2 - Stored Cross-Site Scripting in Merge Request Changes View
Oct 03, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-16049 CRITICAL
GitLab 8.10.0-11.0.5, 11.1.0-11.1.4, 11.2.0-11.2.1 - Sensitive Data Disclosure in Sidekiq Logs
Oct 03, 2018
CVSS 9.8
EPSS 0.02
CVE-2018-16048 MEDIUM
GitLab 8.10.0-11.0.5 11.1.0-11.1.4 11.2.0-11.2.1 - Missing Authorization for API Repository Storage
Oct 03, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-12607 MEDIUM
GitLab CE/EE <10.7.6, <10.8.5, <11.0.1 - XSS
Aug 03, 2018
CVSS 5.4
EPSS 0.01