GitLab

by GitLab Inc.

CVEs (1,214)

  • CVE-2025-0186 | Medium | Apr 22, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by…

  • CVE-2026-1101 | Medium | Apr 8, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL…

  • CVE-2018-16051 | Medium | Oct 3, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.

  • CVE-2018-16048 | Medium | Oct 3, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.

  • CVE-2018-14602 | High | Jul 27, 2018
    risk 0.42 | cvss 7.5 | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames.

  • CVE-2018-14601 | High | Jul 27, 2018
    risk 0.42 | cvss 7.5 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.

  • CVE-2018-8801 | Medium | Apr 25, 2018
    risk 0.42 | cvss 6.5 | epss 0.01

    GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component.

  • CVE-2014-8540 | Medium | Jan 5, 2018
    risk 0.42 | cvss 6.5 | epss 0.02

    The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

  • CVE-2017-11437 | Medium | Aug 2, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.

  • CVE-2017-11438 | Medium | Aug 2, 2017
    risk 0.41 | cvss 6.3 | epss 0.01

    GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.

  • CVE-2017-0882 | Medium | Mar 28, 2017
    risk 0.41 | cvss 6.3 | epss 0.01

    Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.

  • CVE-2018-16050 | Medium | Oct 3, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.

  • CVE-2018-10379 | Medium | May 31, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. The Move Issue feature contained a persistent XSS vulnerability.

  • CVE-2018-9244 | Medium | Apr 5, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3,…

  • CVE-2018-9243 | Medium | Apr 5, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and…

  • CVE-2017-0924 | Medium | Mar 21, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    GitLab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting.

  • CVE-2017-8778 | Medium | May 4, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.

  • CVE-2026-3160 | Medium | May 14, 2026
    risk 0.38 | cvss 5.8 | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter…

  • CVE-2017-17716 | Medium | Dec 17, 2017
    risk 0.38 | cvss 5.9 | epss 0.01

    GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the…

  • CVE-2026-1516 | Medium | Apr 8, 2026
    risk 0.37 | cvss 5.7 | epss 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted…
