
GitLab — Vulnerabilities & Security Advisories (1012)

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-2743 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 5.3 | Medium | 2024-09-12 |
| CVE-2024-4612 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab — GitLab | CWE-601 | 6.4 | Medium | 2024-09-12 |
| CVE-2024-4660 | Missing Authorization in GitLab — GitLab | CWE-862 | 6.5 | Medium | 2024-09-12 |
| CVE-2024-5435 | Generation of Error Message Containing Sensitive Information in GitLab — GitLab | CWE-209 | 4.5 | Medium | 2024-09-12 |
| CVE-2024-6446 | Business Logic Errors in GitLab — GitLab | CWE-840 | 3.5 | Low | 2024-09-12 |
| CVE-2024-6389 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab — GitLab | CWE-497 | 4.3 | Medium | 2024-09-12 |
| CVE-2024-8124 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 7.5 | High | 2024-09-12 |
| CVE-2024-8640 | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab — GitLab | CWE-77 | 8.5 | High | 2024-09-12 |
| CVE-2024-3127 | Improper Access Control in GitLab — GitLab | CWE-284 | 4.3 | Medium | 2024-08-22 |
| CVE-2024-6502 | Incorrect Provision of Specified Functionality in GitLab — GitLab | CWE-684 | 5.7 | Medium | 2024-08-22 |
| CVE-2024-7110 | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab — GitLab | CWE-77 | 6.4 | Medium | 2024-08-22 |
| CVE-2024-8041 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-400 | 6.5 | Medium | 2024-08-22 |
| CVE-2024-2800 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-08-08 |
| CVE-2024-3035 | Authorization Bypass Through User-Controlled Key in GitLab — GitLab | CWE-639 | 6.8 | Medium | 2024-08-08 |
| CVE-2024-3114 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-1333 | 4.3 | Medium | 2024-08-08 |
| CVE-2024-3958 | Improper Control of Generation of Code ('Code Injection') in GitLab — GitLab | CWE-94 | 5.3 | Medium | 2024-08-08 |
| CVE-2024-4207 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 4.4 | Medium | 2024-08-08 |
| CVE-2024-5423 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-400 | 6.5 | Medium | 2024-08-08 |
| CVE-2024-7554 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLab | CWE-200 | 4.9 | Medium | 2024-08-08 |
| CVE-2024-7610 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-400 | 4.3 | Medium | 2024-08-08 |
| CVE-2024-4210 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-400 | 6.5 | Medium | 2024-08-08 |
| CVE-2024-4784 | Authentication Bypass by Primary Weakness in GitLab — GitLab | CWE-305 | 4.2 | Medium | 2024-08-08 |
| CVE-2024-6329 | Improper Encoding or Escaping of Output in GitLab — GitLab | CWE-116 | 5.7 | Medium | 2024-08-08 |
| CVE-2024-7057 | Improper Access Control in GitLab — GitLab | CWE-284 | 4.3 | Medium | 2024-07-25 |
| CVE-2024-7047 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 7.7 | High | 2024-07-25 |
| CVE-2024-0231 | Improper Control of Resource Identifiers ('Resource Injection') in GitLab — GitLab | CWE-99 | 2.7 | Low | 2024-07-24 |
| CVE-2024-5067 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLab | CWE-200 | 4.4 | Medium | 2024-07-24 |
| CVE-2024-7060 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLab | CWE-200 | 2.6 | Low | 2024-07-24 |
| CVE-2024-7091 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLab | CWE-200 | 4.1 | Medium | 2024-07-24 |
| CVE-2024-6595 | Uncontrolled Search Path Element in GitLab — GitLab | CWE-451 | 3.0 | Low | 2024-07-17 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.