Vulmon
gitlab gitlab vulnerabilities and exploits
6.8
CVSSv2
CVE-2022-0751
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows a malicious user to create Snippets with misleading content, which could trick unsuspecting users into executing arbitrary commands.
Gitlab Gitlab
6.8
CVSSv2
CVE-2021-22175
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 could be exploited by an unauthenticated attacker, even on a GitLab instance where registration is disabled.
Gitlab Gitlab
6.8
CVSSv2
CVE-2021-22204
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.
Exiftool Project Exiftool
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
28 Github repositories
6.8
CVSSv2
CVE-2021-22195
Client-side code execution in gitlab-vscode-extension v3.15.0 and previous versions allows a malicious user to execute code on the user's system.
Gitlab Gitlab-vscode-extension
6.8
CVSSv2
CVE-2021-28834
Kramdown prior to 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated.
Kramdown Project Kramdown
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2020-13279
Client-side code execution in gitlab-vscode-extension v2.2.0 allows a malicious user to execute code on the user's system.
Gitlab Gitlab-vscode-extension
6.8
CVSSv2
CVE-2019-5462
A privilege escalation issue exists in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.
Gitlab Gitlab
6.8
CVSSv2
CVE-2019-19261
GitLab Enterprise Edition (EE) 6.7 and later up to and including 12.5 allows SSRF.
Gitlab Gitlab
6.8
CVSSv2
CVE-2019-6793
An issue exists in GitLab Enterprise Edition prior to 11.5.8, 11.6.x prior to 11.6.6, and 11.7.x prior to 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
Gitlab Gitlab
6.8
CVSSv2
CVE-2018-14603
An issue exists in GitLab Community and Enterprise Edition prior to 10.8.7, 11.0.x prior to 11.0.5, and 11.1.x prior to 11.1.2. CSRF can occur in the Test feature of the System Hooks component.
Gitlab Gitlab