CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GitLab CE/EE is affected by CVE-2025-7001: versions 15.0–before 18.0.5, 18.1–before 18.1.3, and 18.2–before 18.2.1 expose a vulnerability where privileged users can access certain resource_group information via the API that should be unavailable. Root cause: insufficient access control granularit...

4.3CVSS5.7AI score0.00383EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2025/07/10 12:0 a.m.•5 views

GitLab 18.0 < 18.0.4 / 18.1 < 18.1.2 (CVE-2025-4972)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass...

2.7CVSS5.6AI score0.00316EPSS

Exploits0References4

RedhatCVE•added 2025/05/23 9:52 a.m.•6 views

CVE-2024-3958

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...

6.5CVSS6.4AI score0.00301EPSS

Exploits0

RedhatCVE•added 2025/05/23 9:52 a.m.•6 views

CVE-2024-6329

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...

7.5CVSS6.4AI score0.00371EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:59 a.m.•17 views

CVE-2024-6446

An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application...

3.5CVSS6.3AI score0.00383EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 7:35 a.m.•5 views

CVE-2024-13041

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...

5.4CVSS4AI score0.00272EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:6 a.m.•10 views

CVE-2022-4289

An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users...

6.4CVSS6.4AI score0.0069EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:46 p.m.•14 views

CVE-2022-2459

An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to preven...

2.7CVSS6.4AI score0.00669EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by