33 matches found

NVD
added 2026/03/12 2:15 a.m. | 0 views

CVE-2026-1182

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances...

CVSS 4.3 | EPSS 0.00036
Exploits: 0 | References: 2

Packet Storm News
added 2026/02/13 12:0 a.m. | 3 views

pgAdmin 4 Multi‑Target Vulnerability Scanner

This project is a PHP‑based multi‑target vulnerability scanner designed to identify potential exposure to CVE‑2025‑13780 affecting pgAdmin 4 versions 8.14 and below. The tool operates as a heuristic / threat‑intelligence scanner, not an exploit...

CVSS 9.1 | AI score 5.5 | EPSS 0.00121
Exploits: 1

Debian CVE
added 2025/08/13 5:27 p.m. | 3 views

CVE-2025-1477

Removed by vendor...

CVSS 7.5 | AI score 5.8 | EPSS 0.00153
Exploits: 0

Cvelist
added 2025/08/13 5:27 p.m. | 5 views

CVE-2025-1477 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoin...

CVSS 6.5 | EPSS 0.00153
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 8:25 a.m. | 5 views

CVE-2019-19311

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 allows XSS in group and profile fields...

CVSS 5.4 | AI score 5.8 | EPSS 0.00161
Exploits: 0 | References: 1

RedhatCVE
added 2024/09/13 3:42 p.m. | 27 views

CVE-2024-6678

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances...

CVSS 9.9 | AI score 6.9 | EPSS 0.0042
Exploits: 1 | References: 4

NVD
added 2024/09/12 7:15 p.m. | 30 views

CVE-2024-6678

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances...

CVSS 9.9 | EPSS 0.0042
Exploits: 1 | References: 3

OSV
added 2024/09/12 6:26 p.m. | 15 views

CVE-2024-6678 Authentication Bypass by Spoofing in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances...

CVSS 9.9 | AI score 9 | EPSS 0.0042
Exploits: 1 | References: 6

Tenable Nessus
added 2024/06/21 12:0 a.m. | 45 views

Kibana < 7.17.22 / 8.0.x < 8.14 (ESA-2024-11)

The version of Kibana installed on the remote host is prior to 7.17.22 or 8.14. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-11 advisory. - A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a...

CVSS 4.9 | AI score 5.4 | EPSS 0.05385
Exploits: 1 | References: 2

OSV
added 2024/03/06 11:21 a.m. | 21 views

BIT-GITLAB-2020-13355

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: =8.14, =13.4, =13.5, 13.5.2...

CVSS 8.1 | AI score 7.7 | EPSS 0.00334
Exploits: 0 | References: 4

Tenable Nessus
added 2023/08/23 12:0 a.m. | 27 views

Amazon Linux AMI : amanda (ALAS-2023-1808)

The version of amanda installed on the remote host is prior to 2.6.1p2-8.14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1808 advisory. An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation...

CVSS 7.8 | AI score 7 | EPSS 0.04436
Exploits: 4 | References: 6

Prion
added 2023/08/02 12:15 a.m. | 21 views

Code injection

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...

CVSS 5 | AI score 7.2 | EPSS 0.04708
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/08/01 11:36 p.m. | 18 views

CVE-2023-3364 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use...

CVSS 7.5 | AI score 7.5 | EPSS 0.04708
Exploits: 0 | References: 2

CNNVD
added 2023/08/01 12:0 a.m. | 3 views

GitLab Resource Management Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A resource management error vulnerability exists in GitLab CE/EE, which stems...

CVSS 7.5 | AI score 7 | EPSS 0.04708
Exploits: 0 | References: 4

Tenable Nessus
added 2023/03/08 12:0 a.m. | 12 views

Atlassian Jira 8.14.x < 8.20.0 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.20.0. It is, therefore, affected by multiple vulnerabilities: - A Insecure Direct Object References IDOR vulnerability which may allow unauthenticated remote attackers to vi...

CVSS 7.5 | AI score 7.4 | EPSS 0.00715
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 4:8 a.m. | 3 views

SUSE CVE-2019-15730

An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains a SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in th...

CVSS 7.5 | AI score 7.3 | EPSS 0.00241
Exploits: 0 | References: 3

Tenable Nessus
added 2022/07/08 12:0 a.m. | 23 views

Atlassian Jira 8.14.x < 8.20.10 Server-Side Request Forgery

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 8.0.x prior to 8.13.22, 8.14.x prior to 8.20.10 or 8.21.x prior to 8.21.4. It is, therefore, affected by a vulnerability allowing a remote, authenticated user including a user who join...

CVSS 6.5 | AI score 7.2 | EPSS 0.84005
Exploits: 1 | References: 2

Tenable Nessus
added 2022/07/06 12:0 a.m. | 13 views

Atlassian Jira < 8.13.18 / 8.14.x < 8.20.6 / 8.21.x < 8.22.0 (JRASERVER-73594)

The version of Atlassian Jira installed on the remote host is prior to 8.13.18 / 8.14.x < 8.20.6 / 8.21.x < 8.22.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-73594 advisory. - Affected versions of Atlassian Jira Server and Data Center allow attackers with...

AI score 5.6
Exploits: 0 | References: 1

Tenable Nessus
added 2021/09/10 12:0 a.m. | 23 views

Atlassian Jira 8.14.x < 8.16.1 Arbitrary File Read

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.14, 8.6.x < 8.13.6 or 8.14.x < 8.16.1. It is, therefore, affected by a path traversal vulnerability in the /WEB-INF/web.xml endpoint allowing remote attackers to read particul...

CVSS 5.3 | AI score 5.5 | EPSS 0.94189
Exploits: 6 | References: 2

Tenable Nessus
added 2021/07/02 12:0 a.m. | 13 views

Atlassian Jira 8.14.x < 8.14.1 Server-Side Request Forgery

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10, 8.6.x < 8.13.2 or 8.14.x < 8.14.1. It is, therefore, affected by a Server-Side Request Forgery SSRF vulnerability allowing unexpected DNS lookups and requests to malicious...

CVSS 5 | AI score 5.6 | EPSS 0.00103
Exploits: 0 | References: 2