VYPR

GitLab

by GitLab Inc.

Source repositories

CVEs (1,214)

  • CVE-2018-18649 (Nov 29, 2018)
    risk 0.04 | cvss | epss 0.07

    An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution.

  • CVE-2022-1162 (Apr 4, 2022)
    risk 0.03 | cvss | epss 0.76

    A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts

  • CVE-2020-10977 (Apr 8, 2020)
    risk 0.03 | cvss | epss 0.43

    GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.

  • CVE-2013-7316 (Jan 24, 2014)
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.

  • CVE-2024-1451 (Feb 21, 2024)
    risk 0.02 | cvss | epss 0.51

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims.

  • CVE-2023-0523 (Apr 5, 2023)
    risk 0.02 | cvss | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.

  • CVE-2022-3513 (Apr 5, 2023)
    risk 0.02 | cvss | epss 0.01

    An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which…

  • CVE-2025-0314 (Jan 24, 2025)
    risk 0.01 | cvss | epss 0.00

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting.

  • CVE-2024-4835 (May 23, 2024)
    risk 0.01 | cvss | epss 0.01

    An XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information.

  • CVE-2024-2434 (Apr 25, 2024)
    risk 0.01 | cvss | epss 0.23

    An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.

  • CVE-2023-5933 (Jan 26, 2024)
    risk 0.01 | cvss | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests.

  • CVE-2023-0921 (Jun 6, 2023)
    risk 0.01 | cvss | epss 0.84

    A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

  • CVE-2023-1178 (May 3, 2023)
    risk 0.01 | cvss | epss 0.01

    An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled…

  • CVE-2019-14944 (Apr 15, 2023)
    risk 0.01 | cvss | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

  • CVE-2023-1708 (Apr 5, 2023)
    risk 0.01 | cvss | epss 0.01

    An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters get copied from the clipboard, allowing unexpected commands to be executed on the victim's machine.

  • CVE-2022-3572 (Jan 24, 2023)
    risk 0.01 | cvss | epss 0.01

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected…

  • CVE-2022-3265 (Nov 9, 2022)
    risk 0.01 | cvss | epss 0.86

    A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed…

  • CVE-2021-22201 (Apr 2, 2021)
    risk 0.01 | cvss | epss 0.03

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server.

  • CVE-2026-2370 (Mar 29, 2026)
    risk 0.00 | cvss | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain…

  • CVE-2025-13078 (Mar 25, 2026)
    risk 0.00 | cvss | epss 0.00

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain…

Page 7 of 61