GitLab — Vulnerabilities & Security Advisories 1012

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-2454 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2024-05-09 |
| CVE-2024-2651 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-05-09 |
| CVE-2024-4539 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 4.3 | Medium | 2024-05-09 |
| CVE-2024-4597 | Cross-Site Request Forgery (CSRF) in GitLab — GitLab | CWE-352 | 5.7 | Medium | 2024-05-09 |
| CVE-2024-4024 | Authentication Bypass by Assumed-Immutable Data in GitLab — GitLab | CWE-302 | 7.3 | High | 2024-04-25 |
| CVE-2024-4006 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 4.3 | Medium | 2024-04-25 |
| CVE-2024-1347 | Authentication Bypass by Spoofing in GitLab — GitLab | CWE-290 | 4.3 | Medium | 2024-04-25 |
| CVE-2024-2434 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab — GitLab | CWE-22 | 8.5 | High | 2024-04-25 |
| CVE-2024-2829 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 7.5 | High | 2024-04-25 |
| CVE-2023-6489 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 4.3 | Medium | 2024-04-12 |
| CVE-2023-6678 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-2279 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2024-04-12 |
| CVE-2024-3092 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2024-04-12 |
| CVE-2023-6371 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2024-03-28 |
| CVE-2024-2818 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 4.3 | Medium | 2024-03-28 |
| CVE-2024-0199 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 7.7 | High | 2024-03-07 |
| CVE-2024-1299 | Privilege Chaining in GitLab — GitLab | CWE-268 | 6.5 | Medium | 2024-03-07 |
| CVE-2023-4895 | Missing Authorization in GitLab — GitLab | CWE-862 | 4.3 | Medium | 2024-02-22 |
| CVE-2023-6477 | Incorrect Privilege Assignment in GitLab — GitLab | CWE-266 | 6.7 | Medium | 2024-02-21 |
| CVE-2024-0410 | Improper Enforcement of Behavioral Workflow in GitLab — GitLab | CWE-841 | 7.7 | High | 2024-02-21 |
| CVE-2024-1451 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2024-02-21 |
| CVE-2024-1525 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab | CWE-288 | 5.3 | Medium | 2024-02-21 |
| CVE-2024-0861 | Direct Request ('Forced Browsing') in GitLab — GitLab | CWE-425 | 4.3 | Medium | 2024-02-21 |
| CVE-2023-3509 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 3.7 | Low | 2024-02-21 |
| CVE-2024-1250 | Privilege Chaining in GitLab — GitLab | CWE-268 | 6.5 | Medium | 2024-02-12 |
| CVE-2023-6564 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 6.5 | Medium | 2024-02-08 |
| CVE-2023-6736 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-02-07 |
| CVE-2023-6840 | Missing Authorization in GitLab — GitLab | CWE-862 | 6.7 | Medium | 2024-02-07 |
| CVE-2024-1066 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2024-02-07 |
| CVE-2023-5612 | Missing Authorization in GitLab — GitLab | CWE-862 | 5.3 | Medium | 2024-01-26 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.