
421 matches found

OSV
added 2024/03/06 11:9 a.m. | 23 views

BIT-GITLAB-2023-2069

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables...

6.4 CVSS | 5 AI score | 0.00811 EPSS
Exploits 0 | References 4

OSV
added 2024/03/06 11:1 a.m. | 18 views

BIT-GITLAB-2023-3979 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the...

4.3 CVSS | 4.2 AI score | 0.00399 EPSS
Exploits 0 | References 3

Vulnrichment
added 2024/02/21 11:30 p.m. | 19 views

CVE-2024-1451 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims...

8.7 CVSS | 5.8 AI score | 0.51467 EPSS
Exploits 0 | References 2

Cvelist
added 2024/01/26 2:2 a.m. | 18 views

CVE-2023-6159 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible for an attacker to trigger a Regular Expression Denial of Service via a Cargo.toml containing maliciously crafted input...

6.5 CVSS | 6.5 AI score | 0.00987 EPSS
Exploits 0 | References 3

Vulnrichment
added 2024/01/26 1:2 a.m. | 5 views

CVE-2024-0402 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace...

9.9 CVSS | 6.5 AI score | 0.03302 EPSS
Exploits 0 | References 2

CNNVD
added 2024/01/12 12:0 a.m. | 3 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from an incorrect...

8.8 CVSS | 7.1 AI score | 0.00829 EPSS
Exploits 0 | References 4

CNNVD
added 2023/12/15 12:0 a.m. | 2 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from the fact that...

3.5 CVSS | 7 AI score | 0.00395 EPSS
Exploits 0 | References 3

CNNVD
added 2023/12/01 12:0 a.m. | 2 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the possibility of...

3.1 CVSS | 6.9 AI score | 0.00382 EPSS
Exploits 0 | References 2

CNNVD
added 2023/11/01 12:0 a.m. | 2 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from allowing users to...

6.5 CVSS | 7 AI score | 0.00373 EPSS
Exploits 0 | References 4

CVE
added 2023/08/30 7:1 a.m. | 334 views

CVE-2023-4522

CVE-2023-4522 affects GitLab versions before 16.2.0. The issue causes 500 errors when viewing commits that include directories containing a line feed (LF) character. The description in the connected sources confirms the vulnerable condition but does not provide a confirmed fix in the supplied doc...

5.3 CVSS | 4.8 AI score | 0.00935 EPSS
Exploits 1 | References 3 | Affected Software 1

CNNVD
added 2023/08/30 12:0 a.m. | 14 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab, which stems from the fact that...

5.3 CVSS | 5.7 AI score | 0.00935 EPSS
Exploits 1 | References 3

Veracode
added 2023/08/06 9:2 p.m. | 23 views

Improper Authorization

gitlab is vulnerable to Improper Authorization. The vulnerability exists because of not verifying proper access rights to import members from a target project which allows an attacker to perform unauthorized actions...

4.3 CVSS | 6.7 AI score | 0.00949 EPSS
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2023/08/03 12:0 a.m. | 3 views

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from a...

9.8 CVSS | 7 AI score | 0.00605 EPSS
Exploits 0 | References 2

Veracode
added 2023/07/23 12:36 p.m. | 13 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to the lack of permission checks in the library, which allows guest users to read a todo targeting an inaccessible note...

4.3 CVSS | 6.5 AI score | 0.00536 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2023/06/28 12:0 a.m. | 4 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from allowing the...

6.4 CVSS | 6 AI score | 0.00605 EPSS
Exploits 1 | References 4

CNNVD
added 2023/06/06 12:0 a.m. | 3 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from a...

7.5 CVSS | 7.2 AI score | 0.01325 EPSS
Exploits 0 | References 5

Prion
added 2023/05/03 10:15 p.m. | 19 views

Code injection

An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a...

3.5 CVSS | 5.7 AI score | 0.00894 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2023/05/03 12:0 a.m. | 3 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab suffers from a security vulnerability that stems from the possibility...

8.1 CVSS | 7.7 AI score | 0.00829 EPSS
Exploits 0 | References 5

Vulnrichment
added 2023/04/15 12:0 a.m. | 7 views

CVE-2018-17455

An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...

6 AI score | 0.00621 EPSS
Exploits 0 | References 2

Vulnrichment
added 2023/04/15 12:0 a.m. | 4 views

CVE-2019-14942

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages which have access control could be sent over cleartext HTTP...

5.5 AI score | 0.00456 EPSS
Exploits 0 | References 3