Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1180 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3279 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 2.7 Low |
| An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs | ||||
| CVE-2022-3067 | 1 Gitlab | 1 Gitlab | 2025-05-13 | 6.5 Medium |
| An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID. | ||||
| CVE-2025-1278 | 1 Gitlab | 1 Gitlab | 2025-05-12 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | ||||
| CVE-2025-0549 | 1 Gitlab | 1 Gitlab | 2025-05-12 | 6.8 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction. | ||||
| CVE-2024-8973 | 1 Gitlab | 1 Gitlab | 2025-05-12 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload. | ||||
| CVE-2024-1250 | 1 Gitlab | 1 Gitlab | 2025-05-07 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation. | ||||
| CVE-2022-2882 | 1 Gitlab | 1 Gitlab | 2025-05-07 | 5.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A malicious maintainer could exfiltrate a GitHub integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. | ||||
| CVE-2022-2826 | 1 Gitlab | 1 Gitlab | 2025-05-07 | 2.7 Low |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO | ||||
| CVE-2022-3639 | 1 Gitlab | 1 Gitlab | 2025-05-07 | 4.3 Medium |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage. | ||||
| CVE-2022-3018 | 1 Gitlab | 1 Gitlab | 2025-05-07 | 6.8 Medium |
| An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. | ||||
| CVE-2023-3444 | 1 Gitlab | 1 Gitlab | 2025-05-05 | 5.7 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches. | ||||
| CVE-2024-1066 | 1 Gitlab | 1 Gitlab | 2025-05-05 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay` | ||||
| CVE-2023-0921 | 1 Gitlab | 1 Gitlab | 2025-05-05 | 4.3 Medium |
| A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. | ||||
| CVE-2023-4647 | 1 Gitlab | 1 Gitlab | 2025-05-05 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. | ||||
| CVE-2022-2904 | 1 Gitlab | 1 Gitlab | 2025-05-02 | 7.3 High |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 It was possible to exploit a vulnerability in the external status checks feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||
| CVE-2022-3819 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 3.5 Low |
| An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to. | ||||
| CVE-2022-3818 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 5.3 Medium |
| An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. | ||||
| CVE-2022-3486 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 4.7 Medium |
| An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. | ||||
| CVE-2022-3280 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 3.5 Low |
| An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. | ||||
| CVE-2022-3265 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 7.3 High |
| A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||