Vulnerabilities in GitLab
1,068 resultsCVE-2024-1736MEDIUMUncontrolled Resource Consumption in GitLabEPSS 0.6%CVE-2025-13761HIGHImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLabEPSS 0.6%CVE-2025-8014HIGHAllocation of Resources Without Limits or Throttling in GitLabEPSS 0.6%CVE-2021-22239MEDIUMAn unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later.EPSS 0.6%CVE-2021-39927LOWServer side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 1EPSS 0.6%CVE-2025-11702HIGHMissing Authorization in GitLabEPSS 0.6%CVE-2024-8177MEDIUMInefficient Algorithmic Complexity in GitLabEPSS 0.6%CVE-2023-0483MEDIUMAn issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.EPSS 0.6%CVE-2023-3915MEDIUMIncorrect Execution-Assigned Permissions in GitLabEPSS 0.6%CVE-2022-3030MEDIUMAn improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all veEPSS 0.6%CVE-2023-1167MEDIUMImproper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all verEPSS 0.6%CVE-2023-6840MEDIUMMissing Authorization in GitLabEPSS 0.6%CVE-2021-22211LOWAn issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstancesEPSS 0.6%CVE-2021-39882MEDIUMIn all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.EPSS 0.6%CVE-2025-10858HIGHAllocation of Resources Without Limits or Throttling in GitLabEPSS 0.6%CVE-2023-6033HIGHImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLabEPSS 0.6%CVE-2023-5995MEDIUMIncorrect Authorization in GitLabEPSS 0.6%CVE-2022-1999LOWAn issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1EPSS 0.6%CVE-2024-8635HIGHServer-Side Request Forgery (SSRF) in GitLabEPSS 0.6%CVE-2021-22225MEDIUMInsufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulneEPSS 0.6%