Filtered by vendor Gitlab
Subscriptions
Total
1359 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5816 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 8 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions. | ||||
| CVE-2026-6515 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 5.4 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions. | ||||
| CVE-2024-1250 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. | ||||
| CVE-2024-1066 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay` | ||||
| CVE-2024-0402 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 9.9 Critical |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. | ||||
| CVE-2023-6680 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 7.4 High |
| An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator. | ||||
| CVE-2023-5963 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 3.1 Low |
| An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. | ||||
| CVE-2023-5831 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 3.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | ||||
| CVE-2023-5226 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 4.8 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. | ||||
| CVE-2023-3907 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 4.9 Medium |
| A privilege escalation vulnerability in GitLab EE affecting all versions from 16.0 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows a project Maintainer to use a Project Access Token to escalate their role to Owner | ||||
| CVE-2023-4647 | 1 Gitlab | 1 Gitlab | 2026-04-21 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. | ||||
| CVE-2023-4630 | 1 Gitlab | 1 Gitlab | 2026-04-21 | 5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports. | ||||
| CVE-2023-4379 | 1 Gitlab | 1 Gitlab | 2026-04-21 | 8.1 High |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated. | ||||
| CVE-2023-4008 | 1 Gitlab | 1 Gitlab | 2026-04-21 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known. | ||||
| CVE-2023-4002 | 1 Gitlab | 1 Gitlab | 2026-04-21 | 5.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies. | ||||
| CVE-2026-1456 | 1 Gitlab | 1 Gitlab | 2026-04-18 | 6.5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview. | ||||
| CVE-2026-1282 | 1 Gitlab | 1 Gitlab | 2026-04-18 | 3.5 Low |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles. | ||||
| CVE-2026-1094 | 1 Gitlab | 2 Gitaly, Gitlab | 2026-04-18 | 4.6 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI. | ||||
| CVE-2026-1080 | 1 Gitlab | 1 Gitlab | 2026-04-18 | 4.3 Medium |
| GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint. | ||||
| CVE-2026-1725 | 1 Gitlab | 1 Gitlab | 2026-04-18 | 5.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint. | ||||