BIT-GITLAB-2025-12669 Improper Control of Generation of Code ('Code Injection') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to inject HTML and JavaScript into email notifications sent to other users due to improper input sanitizatio...
CVE-2025-12669
GitLab CVE-2025-12669 affects GitLab CE/EE versions 15.11 up to before 18.9.7, 18.10 up to before 18.10.6, and 18.11 up to before 18.11.3. The issue arises from improper input sanitization, allowing an authenticated user to inject HTML and JavaScript into email notifications sent to other users. ...
EUVD-2023-24027
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-10383
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and...
Linux Distros Unpatched Vulnerability : CVE-2023-2199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all...
Linux Distros Unpatched Vulnerability : CVE-2022-4376
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11...
Linux Distros Unpatched Vulnerability : CVE-2023-1265
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions...
Linux Distros Unpatched Vulnerability : CVE-2023-6386
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8...
CVE-2023-3210
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content...
UBUNTU-CVE-2024-9870
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services...
CVE-2024-9870
Removed by vendor...
GitLab: IDOR Exposes All Machine Learning Models
The vulnerability allows an attacker to access any Machine Learning Model Registry in GitLab, including private models, by guessing the incremental model IDs. The attacker can also access different versions of the models. This vulnerability was present in GitLab versions 15.11 and 16.2...
BIT-GITLAB-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...
GitLab 15.11 < 16.10.6 / 16.11 < 16.11.3 / 17.0 < 17.0.1 (CVE-2024-4835)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate...
PT-2024-4401 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 15.11 through 16.10.5 GitLab versions 16.11 through 16.11.2 GitLab versions 17.0 through 17.0.0 Description: A cross-site scripting XSS condition exists within GitLab. By leveraging this condition, an attacker can craft a...
GitLab 11.9 < 15.9.6 / 15.10 < 15.10.5 / 15.11 < 15.11.1 (CVE-2023-1265)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The...
GitLab security vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from a pin endpoi...
CVE-2024-2454 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request...
PT-2024-20438 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.11 through 16.9.7 GitLab CE/EE versions 16.10 through 16.10.5 GitLab CE/EE versions 16.11 through 16.11.2 Description: An issue has been discovered in GitLab CE/EE where the "pins endpoint" is susceptible to a Denial ...
BIT-GITLAB-2023-3210 Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content...