← Back

Gitlab

gitlab

1,402 CVEs • 11 products

Products (11)

Click to collapse
Toggle
Gitlab
gitlab
1,387 CVEs
Gitlab Shell
gitlab-shell
5 CVEs
Dynamic Application Security Testing Analyzer
dynamic_application_security_testing_analyzer
4 CVEs
Runner
runner
3 CVEs
Gitlab Vscode Extension
gitlab-vscode-extension
2 CVEs
Omnibus
omnibus
1 CVE
Gitaly
gitaly
1 CVE
Gitlab Runner
gitlab_runner
1 CVE
Dast Api Scanner
dast_api_scanner
1 CVE
\
1 CVE
Language Server
language_server
1 CVE

CVEs (1,402)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-13054
1Gitlab
1Gitlab
Aug 6, 2025
Mar 13, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under...Show more
An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions.Show less
CVE-2024-12380
1Gitlab
1Gitlab
Aug 6, 2025
Mar 13, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in reposi...Show more
An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information.Show less
CVE-2025-2045
1Gitlab
1Gitlab
Aug 6, 2025
Mar 6, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics...Show more
Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.Show less
CVE-2025-1540
1Gitlab
1Gitlab
Aug 6, 2025
Mar 6, 2025
N/A· v4
4.2 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as...Show more
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances."Show less
CVE-2025-0555
1Gitlab
1Gitlab
Mar 7, 2025
Mar 3, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrar...Show more
A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.Show less
CVE-2025-0475
1Gitlab
1Gitlab
Mar 7, 2025
Mar 3, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances.Show less
CVE-2024-10925
1Gitlab
1Gitlab
Aug 26, 2025
Mar 3, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML
CVE-2024-8186
1Gitlab
1Gitlab
Mar 6, 2025
Mar 3, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations.Show less
CVE-2024-3303
1Gitlab
1Gitlab
Aug 6, 2025
Feb 13, 2025
N/A· v4
5.7 MEDIUM· v3
N/A· v2
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents...Show more
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.Show less
CVE-2025-1198
1Gitlab
1Gitlab
Aug 6, 2025
Feb 13, 2025
N/A· v4
5.3 MEDIUM· v3
N/A· v2
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal...Show more
An issue discovered in GitLab CE/EE affecting all versions from 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 meant that long-lived connections in ActionCable potentially allowed revoked Personal Access Tokens access to streaming results.Show less
CVE-2024-8266
1Gitlab
1Gitlab
Aug 6, 2025
Feb 13, 2025
N/A· v4
6.6 MEDIUM· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.
CVE-2024-7102
1Gitlab
1Gitlab
Aug 6, 2025
Feb 13, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.
CVE-2025-0516
1Gitlab
1Gitlab
Aug 6, 2025
Feb 12, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Improper Authorization in GitLab CE/EE affecting all versions from 17.7 prior to 17.7.4, 17.8 prior to 17.8.2 allow users with limited permissions to perform unauthorized actions on critical project data.
CVE-2024-9870
1Gitlab
1Gitlab
Aug 6, 2025
Feb 12, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to u...Show more
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services.Show less
CVE-2025-1212
1Gitlab
1Gitlab
Aug 6, 2025
Feb 12, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to...Show more
An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information.Show less
CVE-2025-1042
1Gitlab
1Gitlab
Aug 6, 2025
Feb 12, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized w...Show more
An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.Show less
CVE-2025-0376
1Gitlab
1Gitlab
Aug 6, 2025
Feb 12, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.
CVE-2024-12379
1Gitlab
1Gitlab
Aug 6, 2025
Feb 12, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded sym...Show more
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.Show less
CVE-2024-10383
1Gitlab
1Gitlab
Aug 14, 2025
Feb 7, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 pr...Show more
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDEShow less
CVE-2025-1072
1Gitlab
1Gitlab
Aug 6, 2025
Feb 7, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon import...Show more
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer.Show less