gitlab

1,423 tracked vulnerabilities.

CVE-2017-0917 MEDIUM
GitLab 10.1.0-10.1.5 - Stored Cross-Site Scripting in CI Job Component
Mar 21, 2018
CVSS 6.1
EPSS 0.01
CVE-2017-0916 CRITICAL
GitLab 8.8.0-10.1.5 - Remote Code Execution via Web Hook Input Validation Bypass
Mar 21, 2018
CVSS 9.8
EPSS 0.06
CVE-2017-0915 CRITICAL
GitLab 8.9.0-9.5.9 - Remote Code Execution via GitlabProjectsImportService Input Validation
Mar 21, 2018
CVSS 9.8
EPSS 0.06
CVE-2017-0914 HIGH
GitLab 10.1, 10.2, 10.2.4 - SQL Injection in MilestoneFinder
Mar 21, 2018
CVSS 7.5
EPSS 0.01
CVE-2017-17716 MEDIUM
GitLab 9.4.x - Improper Certificate Validation in LDAP SSL Verification
Dec 17, 2017
CVSS 5.9
EPSS 0.01
CVE-2017-12426 HIGH
GitLab CE/EE <8.17.8, <9.0.13, <9.1.10, <9.2.10, <9.3.10, <9.4.4 - RCE
Aug 14, 2017
CVSS 8.8
EPSS 0.04
CVE-2017-11438 MEDIUM
GitLab CE and EE < 9.0.11, 9.1.8, 9.2.8 - Authenticated Privilege Escalation via Group Creation
Aug 02, 2017
CVSS 6.3
EPSS 0.01
CVE-2017-11437 MEDIUM
GitLab EE < 8.17.7, 9.0.11, 9.1.8, 9.2.8, 9.3.8 - Authenticated Repository Access via Mirroring Feature
Aug 02, 2017
CVSS 6.5
EPSS 0.01
CVE-2017-8778 MEDIUM
GitLab < 8.14.9, 8.15.x < 8.15.6, 8.16.x < 8.16.5 - Stored Cross-Site Scripting via SVG Attachment or Avatar
May 04, 2017
CVSS 6.1
EPSS 0.01
CVE-2017-0882 MEDIUM
GitLab <8.15.8-8.17.4 - Info Disclosure
Mar 28, 2017
CVSS 6.3
EPSS 0.01
CVE-2016-9469 HIGH
GitLab 8.12.0-8.14.2 - Authenticated Issue and Merge Request Deletion
Mar 28, 2017
CVSS 8.2
EPSS 0.02
CVE-2016-4340 HIGH
GitLab 8.2.0-8.6.7 Authenticated Privilege Escalation via Impersonate
Jan 23, 2017
CVSS 8.8
EPSS 0.10
CVE-2016-9086 MEDIUM
GitLab 8.9.0-8.13.2 - Authenticated Sensitive Information Exposure via Project Import/Export
Nov 03, 2016
CVSS 6.5
EPSS 0.05
CVE-2014-8540 MEDIUM
GitLab 6.0.0-6.9.2 and 7.x < 7.4.3 - Authenticated Arbitrary Group Ownership Modification via Groups API
Jan 05, 2018
CVSS 6.5
EPSS 0.02
CVE-2014-3456
GitLab Enterprise Edition 6.6.0 - Cross-Site Scripting
May 13, 2014
EPSS 0.01
CVE-2013-4583 HIGH
GitLab <5.4.2/6.2.4/6.2.1 - Privilege Escalation
Jan 28, 2020
CVSS 8.8
EPSS 0.02
CVE-2013-4582 MEDIUM
GitLab <5.4.2, <6.2.4, <6.2.1 - Info Disclosure
Jan 28, 2020
CVSS 6.5
EPSS 0.02
CVE-2013-4489
GitLab 5.2-5.4.1 and 6.x-6.2.3 - Authenticated Remote Code Execution via Grit Gem Search Feature
May 17, 2014
EPSS 0.01
CVE-2013-4546
GitLab <1.7.4 - Authenticated Command Injection
May 13, 2014
EPSS 0.02
CVE-2013-4490
GitLab <5.4.1, <6.2.3 - Command Injection
May 13, 2014
EPSS 0.42
CVE-2013-4581
GitLab < 6.2.3 - Remote Code Execution via SSH
May 12, 2014
EPSS 0.02
CVE-2013-4580
GitLab <5.4.2, <6.2.4, <6.2.1 - Auth Bypass
May 12, 2014
EPSS 0.01
CVE-2013-7316
GitLab < 6.5.0 - Cross-Site Scripting via HTML File Upload
Jan 24, 2014
EPSS 0.02