gitlab vulnerabilities and exploits
CVE-2017-11437 (CVSSv3: 6.5)
GitLab Enterprise Edition (EE) prior to 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
Gitlab Gitlab 8.5.0
Gitlab Gitlab 8.5.1
Gitlab Gitlab 8.5.2
Gitlab Gitlab 8.5.3
Gitlab Gitlab 8.5.4
Gitlab Gitlab 8.5.5
Gitlab Gitlab 8.5.6
Gitlab Gitlab 8.5.7
Gitlab Gitlab 8.5.8
Gitlab Gitlab 8.5.9
Gitlab Gitlab 8.5.10
Gitlab Gitlab 8.5.11
CVE-2017-0882 (CVSSv3: 6.3)
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on March 20th 2017 at 23:59 UTC.
* Gitlab Community Edition And Gitlab Enterprise Edition 8.7.0 Through 8.15.7, 8.16.0 Through 8.16.7, 8.17.0 Through 8.17.3
Gitlab Gitlab 8.2.0
Gitlab Gitlab 8.2.1
Gitlab Gitlab 8.2.2
Gitlab Gitlab 8.2.3
Gitlab Gitlab 8.2.4
Gitlab Gitlab 8.2.5
Gitlab Gitlab 8.3.0
Gitlab Gitlab 8.3.8
Gitlab Gitlab 8.3.9
Gitlab Gitlab 8.4.0
Gitlab Gitlab 8.4.9
CVE-2016-9086 (CVSSv3: 6.5)
GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their projects as tape archive files (tar). All GitLab versions before 8.13.0 ...
Gitlab Gitlab 8.9.0
Gitlab Gitlab 8.9.1
Gitlab Gitlab 8.9.2
Gitlab Gitlab 8.9.3
Gitlab Gitlab 8.9.4
Gitlab Gitlab 8.9.5
Gitlab Gitlab 8.9.6
Gitlab Gitlab 8.9.7
Gitlab Gitlab 8.9.8
Gitlab Gitlab 8.9.9
Gitlab Gitlab 8.9.10
Gitlab Gitlab 8.9.11
CVE-2013-4580 (CVSSv2: 6.8)
GitLab prior to 5.4.2, Community Edition prior to 6.2.4, and Enterprise Edition prior to 6.2.1, when using a MySQL backend, allows remote malicious users to impersonate arbitrary users and bypass authentication via unspecified API calls.
Gitlab Gitlab
Gitlab Gitlab 0.8.0
Gitlab Gitlab 0.9.1
Gitlab Gitlab 0.9.4
Gitlab Gitlab 0.9.6
Gitlab Gitlab 1.0.0
Gitlab Gitlab 1.0.1
Gitlab Gitlab 1.0.2
Gitlab Gitlab 1.1.0
Gitlab Gitlab 1.2.0
Gitlab Gitlab 1.2.1
Gitlab Gitlab 1.2.2
CVE-2017-12426 (CVSSv3: 8.8)
GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 8.17.8, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.10, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.10, and 9.4.x prior to 9.4.4 might allow remote malicious users to execute arbitrary code via a crafted SSH URL in a ...
Gitlab Gitlab
Gitlab Gitlab 9.0.0
Gitlab Gitlab 9.0.1
Gitlab Gitlab 9.0.2
Gitlab Gitlab 9.0.3
Gitlab Gitlab 9.0.4
Gitlab Gitlab 9.0.5
Gitlab Gitlab 9.0.6
Gitlab Gitlab 9.0.7
Gitlab Gitlab 9.0.8
Gitlab Gitlab 9.0.9
Gitlab Gitlab 9.0.10
CVE-2016-4340 (CVSSv3: 8.8)
The impersonate feature in Gitlab 8.7.0, 8.6.0 up to and including 8.6.7, 8.5.0 up to and including 8.5.11, 8.4.0 up to and including 8.4.9, 8.3.0 up to and including 8.3.8, and 8.2.0 up to and including 8.2.4 allows remote authenticated users to "log in" as any other u...
Gitlab Gitlab 8.2.0
Gitlab Gitlab 8.2.1
Gitlab Gitlab 8.2.2
Gitlab Gitlab 8.2.3
Gitlab Gitlab 8.2.4
Gitlab Gitlab 8.3.0
Gitlab Gitlab 8.3.1
Gitlab Gitlab 8.3.2
Gitlab Gitlab 8.3.3
Gitlab Gitlab 8.3.4
Gitlab Gitlab 8.3.5
Gitlab Gitlab 8.3.6
1 EDB exploit
CVE-2017-11438 (CVSSv3: 6.3)
GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
Gitlab Gitlab 9.0.0
Gitlab Gitlab 9.0.1
Gitlab Gitlab 9.0.2
Gitlab Gitlab 9.0.3
Gitlab Gitlab 9.0.4
Gitlab Gitlab 9.0.5
Gitlab Gitlab 9.0.6
Gitlab Gitlab 9.0.7
Gitlab Gitlab 9.0.8
Gitlab Gitlab 9.0.9
Gitlab Gitlab 9.0.10
Gitlab Gitlab 9.1.0
CVE-2013-4581 (CVSSv2: 6.8)
GitLab 5.0 prior to 5.4.2, Community Edition prior to 6.2.4, Enterprise Edition prior to 6.2.1 and gitlab-shell prior to 1.7.8 allows remote malicious users to execute arbitrary code via a crafted change using SSH.
Gitlab Gitlab
Gitlab Gitlab 0.8.0
Gitlab Gitlab 0.9.1
Gitlab Gitlab 0.9.4
Gitlab Gitlab 0.9.6
Gitlab Gitlab 1.0.0
Gitlab Gitlab 1.0.1
Gitlab Gitlab 1.0.2
Gitlab Gitlab 1.1.0
Gitlab Gitlab 1.2.0
Gitlab Gitlab 1.2.1
Gitlab Gitlab 1.2.2
CVE-2013-4546 (CVSSv2: 6.5)
The repository import feature in gitlab-shell prior to 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
Gitlab Gitlab 5.0.0
Gitlab Gitlab 5.0.1
Gitlab Gitlab 5.1.0
Gitlab Gitlab 5.2.0
Gitlab Gitlab 5.3.0
Gitlab Gitlab 5.4.0
Gitlab Gitlab 5.4.1
Gitlab Gitlab 5.4.2
Gitlab Gitlab 6.0.0
Gitlab Gitlab 6.1.0
Gitlab Gitlab 6.2.0
Gitlab Gitlab 6.2.1
CVE-2017-8778 (CVSSv3: 6.1)
GitLab prior to 8.14.9, 8.15.x prior to 8.15.6, and 8.16.x prior to 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
Gitlab Gitlab
Gitlab Gitlab 8.15.0
Gitlab Gitlab 8.15.1
Gitlab Gitlab 8.15.2
Gitlab Gitlab 8.15.3
Gitlab Gitlab 8.15.4
Gitlab Gitlab 8.15.5
Gitlab Gitlab 8.16.0
Gitlab Gitlab 8.16.1
Gitlab Gitlab 8.16.2
Gitlab Gitlab 8.16.3
Gitlab Gitlab 8.16.4