VYPR

GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2019-15721 | Med | Sep 16, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.

  • CVE-2019-6995 | Med | Sep 9, 2019
    risk 0.35 | cvss 6.5 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues.

  • CVE-2019-6786 | Med | Sep 9, 2019
    risk 0.35 | cvss 6.5 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 1 of 3). The contents of an LFS object can be accessed by an unauthorized user, if the file size and OID are…

  • CVE-2019-6785 | Med | Sep 9, 2019
    risk 0.35 | cvss 6.5 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.

  • CVE-2019-5471 | Med | Sep 9, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.

  • CVE-2018-19573 | Med | Jul 10, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid.

  • CVE-2019-10111 | Med | May 15, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.

  • CVE-2019-10109 | Med | May 15, 2019
    risk 0.35 | cvss 5.3 | epss 0.02

    An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to…

  • CVE-2019-10108 | Med | May 15, 2019
    risk 0.35 | cvss 5.4 | epss 0.01

    An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.

  • CVE-2019-9225 | Med | Apr 17, 2019
    risk 0.35 | cvss 5.3 | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 5 of 5).

  • CVE-2019-9224 | Med | Apr 17, 2019
    risk 0.35 | cvss 5.3 | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 4 of 5).

  • CVE-2019-9178 | Med | Apr 17, 2019
    risk 0.35 | cvss 5.3 | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 4 of 5).

  • CVE-2019-9175 | Med | Apr 17, 2019
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 3 of 5).

  • CVE-2019-9170 | Med | Apr 17, 2019
    risk 0.35 | cvss 5.3 | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control.

  • CVE-2019-7155 | Med | Apr 16, 2019
    risk 0.35 | cvss 6.5 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. A user retains their role within a project in a private group after being removed from the…

  • CVE-2018-17975 | Med | Dec 4, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. There is Information Exposure via the GFM markdown API.

  • CVE-2018-12606 | Med | Aug 3, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.

  • CVE-2018-12605 | Med | Aug 3, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained an XSS issue due to it allowing arbitrary protocols as a parameter.

  • CVE-2026-9204 | Med | Jun 11, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary files from the Gitaly server and access internal…

  • CVE-2026-6713 | Med | May 27, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.
