GitLab — Vulnerabilities & Security Advisories (1012)

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-5528 | Incomplete Comparison with Missing Factors in GitLab — GitLab CWE-1023 | 3.5 | Low | 2025-02-05 |
| CVE-2024-9631 | Inefficient Algorithmic Complexity in GitLab — GitLab CWE-407 | 7.5 | High | 2025-02-05 |
| CVE-2024-6356 | Incorrect User Management in GitLab — GitLab CWE-286 | 4.4 | Medium | 2025-02-05 |
| CVE-2024-1539 | Missing Authorization in GitLab — GitLab CWE-862 | 4.3 | Medium | 2025-02-05 |
| CVE-2023-6386 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab CWE-770 | 6.5 | Medium | 2025-02-05 |
| CVE-2023-6195 | Server-Side Request Forgery (SSRF) in GitLab — GitLab CWE-918 | 2.6 | Low | 2025-01-30 |
| CVE-2024-1211 | Cross-Site Request Forgery (CSRF) in GitLab — GitLab CWE-352 | 6.4 | Medium | 2025-01-30 |
| CVE-2025-0290 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab — GitLab CWE-835 | 4.3 | Medium | 2025-01-28 |
| CVE-2024-11931 | Insufficient Granularity of Access Control in GitLab — GitLab CWE-1220 | 6.4 | Medium | 2025-01-24 |
| CVE-2025-0314 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab CWE-79 | 8.7 | High | 2025-01-24 |
| CVE-2024-13041 | Incorrect User Management in GitLab — GitLab CWE-286 | 4.2 | Medium | 2025-01-09 |
| CVE-2024-6324 | Inefficient Algorithmic Complexity in GitLab — GitLab CWE-407 | 4.3 | Medium | 2025-01-09 |
| CVE-2024-12431 | Missing Authorization in GitLab — GitLab CWE-862 | 4.3 | Medium | 2025-01-08 |
| CVE-2025-0194 | Insertion of Sensitive Information into Externally-Accessible File or Directory in GitLab — GitLab CWE-538 | 6.5 | Medium | 2025-01-08 |
| CVE-2023-5117 | Exposure of Sensitive Information Due to Incompatible Policies in GitLab — GitLab CWE-213 | 3.7 | Low | 2024-12-25 |
| CVE-2024-8116 | Incorrect Authorization in GitLab — GitLab CWE-863 | 5.3 | Medium | 2024-12-16 |
| CVE-2024-8650 | Incorrect Authorization in GitLab — GitLab CWE-863 | 5.3 | Medium | 2024-12-16 |
| CVE-2024-8179 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab CWE-79 | 5.4 | Medium | 2024-12-12 |
| CVE-2024-8233 | Inefficient Algorithmic Complexity in GitLab — GitLab CWE-407 | 7.5 | High | 2024-12-12 |
| CVE-2024-8647 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab — GitLab CWE-22 | 5.4 | Medium | 2024-12-12 |
| CVE-2024-9367 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab CWE-770 | 4.3 | Medium | 2024-12-12 |
| CVE-2024-9387 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab — GitLab CWE-601 | 6.4 | Medium | 2024-12-12 |
| CVE-2024-10043 | Incorrect Authorization in GitLab — GitLab CWE-863 | 3.1 | Low | 2024-12-12 |
| CVE-2024-11274 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab — GitLab CWE-601 | 8.7 | High | 2024-12-12 |
| CVE-2024-12570 | Privilege Context Switching Error in GitLab — GitLab CWE-270 | 6.7 | Medium | 2024-12-12 |
| CVE-2024-12292 | Insertion of Sensitive Information into Log File in GitLab — GitLab CWE-532 | 4.0 | Medium | 2024-12-12 |
| CVE-2024-10240 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab — GitLab CWE-497 | 5.3 | Medium | 2024-11-26 |
| CVE-2024-11828 | Inefficient Algorithmic Complexity in GitLab — GitLab CWE-407 | 4.3 | Medium | 2024-11-26 |
| CVE-2024-11669 | Incorrect Authorization in GitLab — GitLab CWE-863 | 6.5 | Medium | 2024-11-26 |
| CVE-2024-8114 | Missing Authorization in GitLab — GitLab CWE-862 | 8.2 | High | 2024-11-26 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.