Vulnerabilities in GitLab

1,068 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2023-1204 | MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 befo | 0.5% |
| CVE-2020-13336 | MEDIUM | An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error t | 0.5% |
| CVE-2024-3092 | HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 0.5% |
| CVE-2023-1210 | LOW | Generation of Error Message Containing Sensitive Information in GitLab | 0.5% |
| CVE-2023-4812 | HIGH | Incorrect Authorization in GitLab | 0.5% |
| CVE-2023-1936 | LOW | Exposure of Private Personal Information to an Unauthorized Actor in GitLab | 0.5% |
| CVE-2022-3706 | LOW | Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allo | 0.5% |
| CVE-2025-9642 | HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 0.5% |
| CVE-2023-6502 | MEDIUM | Inefficient Regular Expression Complexity in GitLab | 0.5% |
| CVE-2022-3031 | LOW | An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versio | 0.5% |
| CVE-2021-22243 | MEDIUM | Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another ema | 0.5% |
| CVE-2024-11669 | MEDIUM | Incorrect Authorization in GitLab | 0.5% |
| CVE-2024-4210 | MEDIUM | Uncontrolled Resource Consumption in GitLab | 0.5% |
| CVE-2023-4379 | HIGH | Incorrect Authorization in GitLab | 0.5% |
| CVE-2022-3293 | LOW | Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 pri | 0.5% |
| CVE-2025-12029 | HIGH | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | 0.5% |
| CVE-2023-3401 | MEDIUM | Improper Control of Generation of Code ('Code Injection') in GitLab | 0.5% |
| CVE-2026-1868 | CRITICAL | Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway | 0.5% |
| CVE-2023-3484 | HIGH | Incorrect Authorization in GitLab | 0.5% |
| CVE-2025-1072 | MEDIUM | Allocation of Resources Without Limits or Throttling in GitLab | 0.5% |