Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitlab vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-4054
An issue has been discovered in GitLab affecting all versions starting from 9.3 prior to 15.4.6, all versions starting from 15.5 prior to 15.5.5, all versions starting from 15.6 prior to 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing t...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
7.5
CVSSv3
CVE-2022-4205
In Gitlab EE/CE prior to 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash.
Gitlab Gitlab 15.6.0
Gitlab Gitlab
4.3
CVSSv3
CVE-2023-3979
An issue has been discovered in GitLab affecting all versions starting from 10.6 prior to 16.2.8, all versions starting from 16.3 prior to 16.3.5, all versions starting from 16.4 prior to 16.4.1. It was possible that upstream members to collaborate with you on your branch get per...
Gitlab Gitlab
Gitlab Gitlab 16.4.0
6.5
CVSSv3
CVE-2022-3820
An issue has been discovered in GitLab affecting all versions starting from 15.4 before 15.4.4, and 15.5 before 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in poss...
Gitlab Gitlab 15.6.0
Gitlab Gitlab
5.4
CVSSv3
CVE-2018-17536
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. There is stored XSS on the merge request page via project import.
Gitlab Gitlab
Gitlab Gitlab 11.3.0
5.4
CVSSv3
CVE-2018-17537
An issue exists in GitLab Community and Enterprise Edition prior to 11.1.7, 11.2.x prior to 11.2.4, and 11.3.x prior to 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. .
Gitlab Gitlab
Gitlab Gitlab 11.3.0
7.5
CVSSv3
CVE-2023-4647
An issue has been discovered in GitLab affecting all versions starting from 15.2 prior to 16.1.5, all versions starting from 16.2 prior to 16.2.5, all versions starting from 16.3 prior to 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on ce...
Gitlab Gitlab 16.3.0
Gitlab Gitlab
3.1
CVSSv3
CVE-2023-4658
An issue has been discovered in GitLab EE affecting all versions starting from 8.13 prior to 16.4.3, all versions starting from 16.5 prior to 16.5.3, all versions starting from 16.6 prior to 16.6.1. It was possible for an malicious user to abuse the `Allowed to merge` permission ...
Gitlab Gitlab
Gitlab Gitlab 16.6.0
5.3
CVSSv3
CVE-2023-3362
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 before 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.
Gitlab Gitlab
Gitlab Gitlab 16.1.0
7.7
CVSSv3
CVE-2023-3399
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 prior to 16.3.6, all versions starting from 16.4 prior to 16.4.2, all versions starting from 16.5 prior to 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD var...
Gitlab Gitlab
Gitlab Gitlab 13.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »