gitlab
1,423 tracked vulnerabilities.
CVE-2018-12606
MEDIUM
GitLab CE/EE <10.7.6, <10.8.5, <11.0.1 - XSS
Aug 03, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-12605
MEDIUM
GitLab 10.7.x < 10.7.6 - Cross-Site Scripting via url_for Arbitrary Protocol
Aug 03, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-14606
MEDIUM
GitLab <10.8.7, <11.0.5, <11.1.2 - XSS
Jul 27, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-14605
MEDIUM
GitLab <10.8.7, <11.0.5, <11.1.2 - XSS
Jul 27, 2018
CVSS 5.4
EPSS 0.01
CVE-2018-14604
MEDIUM
GitLab <10.8.7, <11.0.5, <11.1.2 - XSS
Jul 27, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-14603
HIGH
GitLab <10.8.7, <11.0.5, <11.1.2 - CSRF
Jul 27, 2018
CVSS 8.8
EPSS 0.01
CVE-2018-14602
HIGH
GitLab <10.8.7, <11.0.5, <11.1.2 - Info Disclosure
Jul 27, 2018
CVSS 7.5
EPSS 0.02
CVE-2018-14601
HIGH
GitLab 11.1.x < 11.1.2 - Denial of Service via Markdown Rendering
Jul 27, 2018
CVSS 7.5
EPSS 0.01
CVE-2018-14364
CRITICAL
GitLab <10.7.7, <10.8.6, <11.0.4 - Path Traversal
Jul 18, 2018
CVSS 9.8
EPSS 0.50
CVE-2018-10379
MEDIUM
GitLab CE/EE <10.5.8-10.7.2 - Persistent XSS
May 31, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-8801
MEDIUM
GitLab 8.3-10.x - Server-Side Request Forgery in Services and Webhooks
Apr 25, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-9244
MEDIUM
GitLab 9.2-10.4 - Stored Cross-Site Scripting in Milestone Dropdown Feature
Apr 05, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-9243
MEDIUM
GitLab 8.4-10.4 - Stored Cross-Site Scripting in Merge Request Changes Tab
Apr 05, 2018
CVSS 6.1
EPSS 0.01
CVE-2018-8971
CRITICAL
GitLab < 10.3.9, 10.4.x < 10.4.6, 10.5.x < 10.5.6 - User Impersonation via Auth0 Misconfiguration
Mar 24, 2018
CVSS 9.8
EPSS 0.01
CVE-2018-3710
HIGH
GitLab 8.9.0-9.5.9 - Remote Code Execution via Insecure Temporary File in Project Import
Mar 21, 2018
CVSS 7.8
EPSS 0.03
CVE-2017-0921
HIGH
GitLab <10.1.6-10.3.4 - Info Disclosure
Jul 03, 2018
CVSS 8.1
EPSS 0.01
CVE-2017-0919
HIGH
GitLab <10.1.6-10.3.4 - Auth Bypass
Jul 03, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-0920
MEDIUM
GitLab <10.1.6, 10.2.6, 10.3.4 - Auth Bypass
Mar 22, 2018
CVSS 4.3
EPSS 0.01
CVE-2017-0927
MEDIUM
GitLab 8.16.0-9.5.9 - Unauthenticated Improper Authorization in Deployment Keys
Mar 21, 2018
CVSS 6.5
EPSS 0.01
CVE-2017-0926
HIGH
GitLab 8.8.0-9.5.9 - Unauthenticated Unauthorized User Login via OAuth Sign-In
Mar 21, 2018
CVSS 8.8
EPSS 0.01
CVE-2017-0925
HIGH
Gitlab EE <10.1.0 - Info Disclosure
Mar 21, 2018
CVSS 7.2
EPSS 0.01
CVE-2017-0924
MEDIUM
GitLab 10.2.4 - Stored Cross-Site Scripting in Labels Component
Mar 21, 2018
CVSS 6.1
EPSS 0.01
CVE-2017-0923
MEDIUM
GitLab 9.1 - Stored Cross-Site Scripting in IPython Notebooks
Mar 21, 2018
CVSS 6.1
EPSS 0.01
CVE-2017-0922
HIGH
GitLab 9.1.0-9.5.10 - Authorization Bypass in Projects::BoardsController
Mar 21, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-0918
HIGH
Gitlab CE <10.3 - Path Traversal, RCE
Mar 21, 2018
CVSS 8.8
EPSS 0.05