VYPR

GitLab

by GitLab Inc.

Source repositories

CVEs (1,214)

  • CVE-2025-9957 · Low · Apr 22, 2026
    risk 0.18 · cvss 2.7 · epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention…

  • CVE-2026-4916 · Low · Apr 8, 2026
    risk 0.18 · cvss 2.7 · epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to…

  • CVE-2021-22175 · KEV · Jun 11, 2021
    risk 0.18 · cvss n/a · epss 0.53

    When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled

  • CVE-2026-9694 · Low · Jun 11, 2026
    risk 0.17 · cvss 2.6 · epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary…

  • CVE-2026-6883 · Low · May 14, 2026
    risk 0.17 · cvss 2.6 · epss 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy…

  • CVE-2021-39935 · KEV · Dec 13, 2021
    risk 0.17 · cvss n/a · epss 0.30

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API

  • CVE-2021-39911 · Low · Nov 5, 2021
    risk 0.11 · cvss 1.7 · epss 0.01

    An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data…

  • CVE-2023-2825 · May 26, 2023
    risk 0.10 · cvss n/a · epss 0.72

    An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.

  • CVE-2022-2992 · Oct 17, 2022
    risk 0.10 · cvss n/a · epss 0.86

    A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.

  • CVE-2021-4191 · Mar 28, 2022
    risk 0.10 · cvss n/a · epss 0.80

    An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API.

  • CVE-2023-2442 · Jun 7, 2023
    risk 0.07 · cvss n/a · epss 0.96

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary…

  • CVE-2022-2185 · Jul 1, 2022
    risk 0.07 · cvss n/a · epss 0.77

    A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code…

  • CVE-2021-22214 · Jun 8, 2021
    risk 0.07 · cvss n/a · epss 0.28

    When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited

  • CVE-2022-0735 · Mar 28, 2022
    risk 0.06 · cvss n/a · epss 0.13

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an…

  • CVE-2013-4490 · May 13, 2014
    risk 0.06 · cvss n/a · epss 0.42

    The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

  • CVE-2023-5612 · Jan 26, 2024
    risk 0.05 · cvss n/a · epss 0.04

    An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.

  • CVE-2023-0050 · Mar 9, 2023
    risk 0.05 · cvss n/a · epss 0.92

    An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which…

  • CVE-2022-2884 · Oct 17, 2022
    risk 0.05 · cvss n/a · epss 0.76

    A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint

  • CVE-2024-0402 · Jan 26, 2024
    risk 0.04 · cvss n/a · epss 0.03

    An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

  • CVE-2023-2164 · Aug 1, 2023
    risk 0.04 · cvss n/a · epss 0.64

    An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user…

Page 6 of 61