gitlab

1,423 tracked vulnerabilities.

CVE-2018-12606 MEDIUM
GitLab CE/EE <10.7.6, <10.8.5, <11.0.1 - XSS
Aug 03, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-12605 MEDIUM
GitLab 10.7.x < 10.7.6 - Cross-Site Scripting via url_for Arbitrary Protocol
Aug 03, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-14606 MEDIUM
GitLab <10.8.7, <11.0.5, <11.1.2 - XSS
Jul 27, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-14605 MEDIUM
GitLab <10.8.7, <11.0.5, <11.1.2 - XSS
Jul 27, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-14604 MEDIUM
GitLab <10.8.7, <11.0.5, <11.1.2 - XSS
Jul 27, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-14603 HIGH
GitLab <10.8.7, <11.0.5, <11.1.2 - CSRF
Jul 27, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-14602 HIGH
GitLab <10.8.7, <11.0.5, <11.1.2 - Info Disclosure
Jul 27, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-14601 HIGH
GitLab 11.1.x < 11.1.2 - Denial of Service via Markdown Rendering
Jul 27, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-14364 CRITICAL
GitLab <10.7.7, <10.8.6, <11.0.4 - Path Traversal
Jul 18, 2018
CVSS 9.8
EPSS 0.50
CVE-2018-10379 MEDIUM
GitLab CE/EE <10.5.8-10.7.2 - Persistent XSS
May 31, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-8801 MEDIUM
GitLab 8.3-10.x - Server-Side Request Forgery in Services and Webhooks
Apr 25, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-9244 MEDIUM
GitLab 9.2-10.4 - Stored Cross-Site Scripting in Milestone Dropdown Feature
Apr 05, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-9243 MEDIUM
GitLab 8.4-10.4 - Stored Cross-Site Scripting in Merge Request Changes Tab
Apr 05, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-8971 CRITICAL
GitLab < 10.3.9, 10.4.x < 10.4.6, 10.5.x < 10.5.6 - User Impersonation via Auth0 Misconfiguration
Mar 24, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-3710 HIGH
GitLab 8.9.0-9.5.9 - Remote Code Execution via Insecure Temporary File in Project Import
Mar 21, 2018
CVSS 7.8
EPSS 0.03
CVE-2017-0921 HIGH
GitLab <10.1.6-10.3.4 - Info Disclosure
Jul 03, 2018
CVSS 8.1
EPSS 0.01
CVE-2017-0919 HIGH
GitLab <10.1.6-10.3.4 - Auth Bypass
Jul 03, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-0920 MEDIUM
GitLab <10.1.6, 10.2.6, 10.3.4 - Auth Bypass
Mar 22, 2018
CVSS 4.3
EPSS 0.01
CVE-2017-0927 MEDIUM
GitLab 8.16.0-9.5.9 - Unauthenticated Improper Authorization in Deployment Keys
Mar 21, 2018
CVSS 6.5
EPSS 0.01
CVE-2017-0926 HIGH
GitLab 8.8.0-9.5.9 - Unauthenticated Unauthorized User Login via OAuth Sign-In
Mar 21, 2018
CVSS 8.8
EPSS 0.01
CVE-2017-0925 HIGH
Gitlab EE <10.1.0 - Info Disclosure
Mar 21, 2018
CVSS 7.2
EPSS 0.01
CVE-2017-0924 MEDIUM
GitLab 10.2.4 - Stored Cross-Site Scripting in Labels Component
Mar 21, 2018
CVSS 6.1
EPSS 0.01
CVE-2017-0923 MEDIUM
GitLab 9.1 - Stored Cross-Site Scripting in IPython Notebooks
Mar 21, 2018
CVSS 6.1
EPSS 0.01
CVE-2017-0922 HIGH
GitLab 9.1.0-9.5.10 - Authorization Bypass in Projects::BoardsController
Mar 21, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-0918 HIGH
Gitlab CE <10.3 - Path Traversal, RCE
Mar 21, 2018
CVSS 8.8
EPSS 0.05