41 matches found
EUVD-2021-26254
Malware in sbrugna...
EUVD-2021-26225
Malware in sbrugna...
EUVD-2023-24027
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-39868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by...
CVE-2023-1825
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export...
CVE-2025-25295 Label Studio has a Path Traversal Vulnerability via image Field
Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a...
CVE-2024-7060
CVE-2024-7060 is an information disclosure vulnerability in GitLab CE/EE related to project/group exports. Affected versions include 15.4 up to 17.0.5, 17.1 up to 17.1.3, and 17.2 up to 17.2.1, where unauthorized users could view the resulting export. The issue is rooted in the export mechanism a...
BIT-GITLAB-2021-39868
In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export...
BIT-GITLAB-2021-39898
In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...
BIT-GITLAB-2023-1825 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export...
GitLab 10.6 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39898)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from. CVE-2021-39898 Note that...
GitLab 8.0 < 14.1.7 / 14.2 < 14.2.5 / 14.3 < 14.3.1 (CVE-2021-39895)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active ...
Information Disclosure
GitLab is vulnerable to Information Disclosure. A path traversal vulnerability in the importproject function allows a remote attacker to access and read unrelated files on the GitLab server by uploading a specially crafted project export file...
CVE-2023-1825 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized user at project export...
CVE-2023-1825
CVE-2023-1825 affects GitLab EE, with a vulnerability that allowed disclosure of issue notes to unauthorized users during project export in multiple release lines (15.7–15.10.7, 15.11.0–15.11.6, 16.0.0–16.0.1). The underlying issue is the exposure of issue notes when exporting a project, enabling...
CVE-2023-1825
Removed by vendor...