Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

gitlab vulnerabilities and exploits

(subscribe to this query)
6.5
CVSSv3

CVE-2017-11437

GitLab Enterprise Edition (EE) prior to 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
Gitlab Gitlab 8.5.0Gitlab Gitlab 8.5.1Gitlab Gitlab 8.5.2Gitlab Gitlab 8.5.3Gitlab Gitlab 8.5.4Gitlab Gitlab 8.5.5Gitlab Gitlab 8.5.6Gitlab Gitlab 8.5.7Gitlab Gitlab 8.5.8Gitlab Gitlab 8.5.9Gitlab Gitlab 8.5.10Gitlab Gitlab 8.5.11
6.3
CVSSv3

CVE-2017-0882

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
* Gitlab Community Edition And Gitlab Enterprise Edition 8.7.0 Through 8.15.7, 8.16.0 Through 8.16.7, 8.17.0 Through 8.17.3Gitlab Gitlab 8.2.0Gitlab Gitlab 8.2.1Gitlab Gitlab 8.2.2Gitlab Gitlab 8.2.3Gitlab Gitlab 8.2.4Gitlab Gitlab 8.2.5Gitlab Gitlab 8.3.0Gitlab Gitlab 8.3.8Gitlab Gitlab 8.3.9Gitlab Gitlab 8.4.0Gitlab Gitlab 8.4.9
6.5
CVSSv3

CVE-2016-9086

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions before 8.13.0 ...
Gitlab Gitlab 8.9.0Gitlab Gitlab 8.9.1Gitlab Gitlab 8.9.2Gitlab Gitlab 8.9.3Gitlab Gitlab 8.9.4Gitlab Gitlab 8.9.5Gitlab Gitlab 8.9.6Gitlab Gitlab 8.9.7Gitlab Gitlab 8.9.8Gitlab Gitlab 8.9.9Gitlab Gitlab 8.9.10Gitlab Gitlab 8.9.11
6.8
CVSSv2

CVE-2013-4580

GitLab prior to 5.4.2, Community Edition prior to 6.2.4, and Enterprise Edition prior to 6.2.1, when using a MySQL backend, allows remote malicious users to impersonate arbitrary users and bypass authentication via unspecified API calls.
Gitlab GitlabGitlab Gitlab 0.8.0Gitlab Gitlab 0.9.1Gitlab Gitlab 0.9.4Gitlab Gitlab 0.9.6Gitlab Gitlab 1.0.0Gitlab Gitlab 1.0.1Gitlab Gitlab 1.0.2Gitlab Gitlab 1.1.0Gitlab Gitlab 1.2.0Gitlab Gitlab 1.2.1Gitlab Gitlab 1.2.2
8.8
CVSSv3

CVE-2017-12426

GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 8.17.8, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.10, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.10, and 9.4.x prior to 9.4.4 might allow remote malicious users to execute arbitrary code via a crafted SSH URL in a ...
Gitlab GitlabGitlab Gitlab 9.0.0Gitlab Gitlab 9.0.1Gitlab Gitlab 9.0.2Gitlab Gitlab 9.0.3Gitlab Gitlab 9.0.4Gitlab Gitlab 9.0.5Gitlab Gitlab 9.0.6Gitlab Gitlab 9.0.7Gitlab Gitlab 9.0.8Gitlab Gitlab 9.0.9Gitlab Gitlab 9.0.10
8.8
CVSSv3

CVE-2016-4340

The impersonate feature in Gitlab 8.7.0, 8.6.0 up to and including 8.6.7, 8.5.0 up to and including 8.5.11, 8.4.0 up to and including 8.4.9, 8.3.0 up to and including 8.3.8, and 8.2.0 up to and including 8.2.4 allows remote authenticated users to "log in" as any other u...
Gitlab Gitlab 8.2.0Gitlab Gitlab 8.2.1Gitlab Gitlab 8.2.2Gitlab Gitlab 8.2.3Gitlab Gitlab 8.2.4Gitlab Gitlab 8.3.0Gitlab Gitlab 8.3.1Gitlab Gitlab 8.3.2Gitlab Gitlab 8.3.3Gitlab Gitlab 8.3.4Gitlab Gitlab 8.3.5Gitlab Gitlab 8.3.6
6.3
CVSSv3

CVE-2017-11438

GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
Gitlab Gitlab 9.0.0Gitlab Gitlab 9.0.1Gitlab Gitlab 9.0.2Gitlab Gitlab 9.0.3Gitlab Gitlab 9.0.4Gitlab Gitlab 9.0.5Gitlab Gitlab 9.0.6Gitlab Gitlab 9.0.7Gitlab Gitlab 9.0.8Gitlab Gitlab 9.0.9Gitlab Gitlab 9.0.10Gitlab Gitlab 9.1.0
6.8
CVSSv2

CVE-2013-4581

GitLab 5.0 prior to 5.4.2, Community Edition prior to 6.2.4, Enterprise Edition prior to 6.2.1 and gitlab-shell prior to 1.7.8 allows remote malicious users to execute arbitrary code via a crafted change using SSH.
Gitlab GitlabGitlab Gitlab 0.8.0Gitlab Gitlab 0.9.1Gitlab Gitlab 0.9.4Gitlab Gitlab 0.9.6Gitlab Gitlab 1.0.0Gitlab Gitlab 1.0.1Gitlab Gitlab 1.0.2Gitlab Gitlab 1.1.0Gitlab Gitlab 1.2.0Gitlab Gitlab 1.2.1Gitlab Gitlab 1.2.2
6.5
CVSSv2

CVE-2013-4546

The repository import feature in gitlab-shell prior to 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
Gitlab Gitlab 5.0.0Gitlab Gitlab 5.0.1Gitlab Gitlab 5.1.0Gitlab Gitlab 5.2.0Gitlab Gitlab 5.3.0Gitlab Gitlab 5.4.0Gitlab Gitlab 5.4.1Gitlab Gitlab 5.4.2Gitlab Gitlab 6.0.0Gitlab Gitlab 6.1.0Gitlab Gitlab 6.2.0Gitlab Gitlab 6.2.1
6.1
CVSSv3

CVE-2017-8778

GitLab prior to 8.14.9, 8.15.x prior to 8.15.6, and 8.16.x prior to 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
Gitlab GitlabGitlab Gitlab 8.15.0Gitlab Gitlab 8.15.1Gitlab Gitlab 8.15.2Gitlab Gitlab 8.15.3Gitlab Gitlab 8.15.4Gitlab Gitlab 8.15.5Gitlab Gitlab 8.16.0Gitlab Gitlab 8.16.1Gitlab Gitlab 8.16.2Gitlab Gitlab 8.16.3Gitlab Gitlab 8.16.4
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-4278updatenavifujitsu client computing limitedCVE-2025-32465CVE-2025-49184ibmCVE-2025-4275file uploadCVE-2025-33073sick agfile inclusionCVE-2025-26383unspecified
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook