VYPR

CE/EE

by GitLab Inc.

Source repositories

CVEs (41)

  • CVE-2020-26417MedDec 11, 2020
    risk 0.35cvss 5.3epss 0.01

    Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2, >=13.5 to <13.5.5, and >=13.1 to <13.4.7.

  • CVE-2020-26408MedDec 11, 2020
    risk 0.35cvss 5.3epss 0.01

    A limited information disclosure vulnerability exists in Gitlab CE/EE from >= 12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an attacker to view limited information in user's private profile

  • CVE-2019-15579MedJan 28, 2020
    risk 0.35cvss 5.3epss 0.01

    An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones.

  • CVE-2019-15578MedJan 28, 2020
    risk 0.35cvss 5.3epss 0.01

    An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests.

  • CVE-2026-9204MedJun 11, 2026
    risk 0.34cvss 5.3epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal…

  • CVE-2026-6713MedMay 27, 2026
    risk 0.34cvss 5.3epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.

  • CVE-2020-13358MedNov 17, 2020
    risk 0.31cvss 4.7epss 0.00

    A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2.

  • CVE-2026-6277MedJun 11, 2026
    risk 0.28cvss 4.3epss 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security…

  • CVE-2026-9807MedMay 28, 2026
    risk 0.28cvss 4.3epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect…

  • CVE-2026-8716MedMay 27, 2026
    risk 0.28cvss 4.3epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended.

  • CVE-2026-5296MedMay 27, 2026
    risk 0.28cvss 4.3epss 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to…

  • CVE-2026-2601MedMay 27, 2026
    risk 0.28cvss 4.3epss 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on…

  • CVE-2020-13357MedDec 11, 2020
    risk 0.28cvss 4.3epss 0.01

    An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project.

  • CVE-2020-26409MedDec 11, 2020
    risk 0.28cvss 4.3epss 0.01

    A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.

  • CVE-2020-13354MedNov 17, 2020
    risk 0.28cvss 4.3epss 0.01

    A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.

  • CVE-2019-5465MedJan 28, 2020
    risk 0.28cvss 4.3epss 0.01

    An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.

  • CVE-2026-6976LowJun 11, 2026
    risk 0.24cvss 3.7epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to hide changes from merge request…

  • CVE-2020-13352LowNov 17, 2020
    risk 0.24cvss 3.7epss 0.01

    Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

  • CVE-2026-3553LowJun 11, 2026
    risk 0.20cvss 3.1epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization…

  • CVE-2020-13350LowNov 17, 2020
    risk 0.20cvss 3.1epss 0.01

    CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners. Affected versions are >=13.5.0, <13.5.2,>=13.4.0, <13.4.5,<13.3.9.