Vulnerabilities in GitLab

1,068 results

Vexday analysis

Com 1.068 CVEs catalogadas e 78 novas surgidas nos últimos 90 dias, o GitLab apresenta um volume de vulnerabilidades que exige monitoramento contínuo. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com 4 CVEs confirmadas em uso por agentes de ameaça, mas a presença de 83 vulnerabilidades com prova de conceito pública e 24 de severidade crítica amplia consideravelmente a superfície de risco. O destaque mais preocupante é CVE-2021-22205, atualmente a CVE mais perigosa em exploração ativa, com EPSS de 0,9973 — valor que indica probabilidade altíssima de exploração —, e cuja falha de tipo mais recorrente na plataforma, CWE-770 (alocação de recursos sem limites adequados), sugere atenção redobrada a controles de validação de entrada e gestão de recursos. Equipes de segurança devem priorizar a remediação das CVEs com PoC disponível e manter rastreamento próximo das novas emissões, dado o ritmo relevante de descobertas recentes.

CVE-2021-39899LOWIn all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change pasEPSS 0.2%CVE-2025-0362MEDIUMImproper Restriction of Rendered UI Layers or Frames in GitLabEPSS 0.2%CVE-2026-10087HIGHImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLabEPSS 0.2%CVE-2026-9204MEDIUMServer-Side Request Forgery (SSRF) in GitLabEPSS 0.2%CVE-2025-5195MEDIUMAuthorization Bypass Through User-Controlled Key in GitLabEPSS 0.2%CVE-2026-0602MEDIUMAuthentication Bypass Using an Alternate Path or Channel in GitLabEPSS 0.2%CVE-2025-12555MEDIUMIncorrect Authorization in GitLabEPSS 0.2%CVE-2026-2601MEDIUMMissing Authorization in GitLabEPSS 0.2%CVE-2025-7736LOWIncorrect Authorization in GitLabEPSS 0.2%CVE-2025-10868LOWBusiness Logic Errors in GitLabEPSS 0.2%CVE-2024-9773LOWImproper Neutralization of Special Elements used in a Command ('Command Injection') in GitLabEPSS 0.2%CVE-2025-1198MEDIUMInsufficient Session Expiration in GitLabEPSS 0.2%CVE-2026-3553LOWIncorrect Authorization in GitLabEPSS 0.2%CVE-2024-10307MEDIUMAllocation of Resources Without Limits or Throttling in GitLabEPSS 0.2%CVE-2025-4439HIGHImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLabEPSS 0.2%CVE-2025-6945LOWImproper Neutralization of Special Elements used in a Command ('Command Injection') in GitLabEPSS 0.2%CVE-2025-1754MEDIUMMissing Authentication for Critical Function in GitLabEPSS 0.2%CVE-2026-2238MEDIUMMissing Authorization in GitLabEPSS 0.2%CVE-2026-10086HIGHImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLabEPSS 0.2%CVE-2025-6171MEDIUMMissing Authorization in GitLabEPSS 0.2%

← previouspage 49 / 54next →