CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

421 matches found

OSV•added 2026/06/12 9:4 a.m.•8 views

BIT-GITLAB-2026-6277 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 13.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with Security Manager-role permissions to manage project security configuration even whe...

4.3CVSS5.4AI score0.00182EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:45 p.m.•7 views

CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

2.7CVSS5.5AI score0.00348EPSS

Exploits0References1

RedhatCVE•added 2026/05/15 7:57 a.m.•8 views

CVE-2026-7377

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

8.7CVSS6.1AI score0.00256EPSS

Exploits0References1

CNNVD•added 2026/04/08 12:0 a.m.•5 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. There is a security vulnerability in GitLab, which stems from improper...

2.7CVSS5.9AI score0.00348EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:10 a.m.•6 views

CVE-2019-11547

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues...

6.1CVSS5.8AI score0.01139EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:53 a.m.•6 views

CVE-2020-10952

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...

6.5CVSS6.6AI score0.00748EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:50 a.m.•6 views

CVE-2020-10078

GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability...

6.1CVSS5.8AI score0.00691EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:25 a.m.•5 views

CVE-2023-4895

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...

4.3CVSS6.5AI score0.00376EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:19 a.m.•4 views

CVE-2021-22187

An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted...

4.3CVSS6.4AI score0.01038EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:19 a.m.•9 views

CVE-2021-22198

An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects...

4.3CVSS6.3AI score0.01077EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:49 a.m.•15 views

CVE-2021-22203

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to read arbitrary files on the server...

9.8CVSS6.4AI score0.01388EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:54 a.m.•10 views

CVE-2025-1540

An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances."...

4.2CVSS6.4AI score0.0022EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:28 a.m.•6 views

CVE-2019-12433

An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues...

5.3CVSS6.5AI score0.00819EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:9 a.m.•11 views

CVE-2024-2878

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names...

7.5CVSS6.3AI score0.17649EPSS

Exploits0References1

Cvelist•added 2025/12/11 4:4 a.m.•27 views

CVE-2025-11984 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions...

6.8CVSS0.00274EPSS

Exploits0References3