VYPR

GitLab

by GitLab Inc.

Source repositories

CVEs (1,214)

  • CVE-2019-9171 | Low | Apr 17, 2019
    risk 0.24 | cvss 3.7 | epss 0.01

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 1 of 5).

  • CVE-2026-7471 | Low | May 14, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control of a virtual registry upstream to make requests to internal hosts due to improper…

  • CVE-2026-3254 | Low | Apr 22, 2026
    risk 0.23 | cvss 3.5 | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.

  • CVE-2023-2030 | Low | Jan 12, 2024
    risk 0.23 | cvss 3.5 | epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits.

  • CVE-2023-4700 | Low | Nov 6, 2023
    risk 0.23 | cvss 3.5 | epss 0.00

    An authorization issue in GitLab EE, affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.

  • CVE-2023-3906 | Low | Sep 29, 2023
    risk 0.23 | cvss 3.5 | epss 0.00

    An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image URLs which bypass the asset proxy.

  • CVE-2023-0120 | Low | Sep 1, 2023
    risk 0.23 | cvss 3.5 | epss 0.00

    An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an…

  • CVE-2023-1936 | Low | Jul 11, 2023
    risk 0.23 | cvss 3.5 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a…

  • CVE-2022-4201 | Low | Jan 27, 2023
    risk 0.23 | cvss 3.5 | epss 0.01

    A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.

  • CVE-2022-3819 | Low | Nov 10, 2022
    risk 0.23 | cvss 3.5 | epss 0.00

    An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious user to set emojis on internal notes they don't have access to.

  • CVE-2022-3280 | Low | Nov 9, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content.

  • CVE-2022-3331 | Low | Oct 17, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab's Zentao integration has an insecure direct object reference vulnerability that…

  • CVE-2022-3293 | Low | Oct 17, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.

  • CVE-2022-3288 | Low | Oct 17, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected.

  • CVE-2022-2499 | Low | Aug 5, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that…

  • CVE-2022-2307 | Low | Aug 5, 2022
    risk 0.23 | cvss 3.5 | epss 0.00

    A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the…

  • CVE-2022-2270 | Low | Jul 1, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan package names due to incorrect permissions verification.

  • CVE-2022-0489 | Low | Apr 1, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15. It was possible to trigger a DoS by using the math feature with a specific formula in issue comments.

  • CVE-2022-0488 | Low | Mar 28, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes.

  • CVE-2022-0093 | Low | Jan 18, 2022
    risk 0.23 | cvss 3.5 | epss 0.01

    An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab allows a user with an expired password to access sensitive information through RSS feeds.
