GitLab — Vulnerabilities & Security Advisories 1012

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

Found 949 results / 1012
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9633 | Incorrect Ownership Assignment in GitLab — GitLab, CWE-708 | 3.1 | Low | 2024-11-14 |
| CVE-2024-7404 | Improper Restriction of Rendered UI Layers or Frames in GitLab — GitLab, CWE-1021 | 6.8 | Medium | 2024-11-14 |
| CVE-2024-8648 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab, CWE-79 | 6.1 | Medium | 2024-11-14 |
| CVE-2024-8180 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab, CWE-79 | 5.4 | Medium | 2024-11-14 |
| CVE-2024-9693 | Incorrect Authorization in GitLab — GitLab, CWE-863 | 8.5 | High | 2024-11-14 |
| CVE-2024-6826 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab, CWE-770 | 6.5 | Medium | 2024-10-24 |
| CVE-2024-8312 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab, CWE-79 | 8.7 | High | 2024-10-24 |
| CVE-2024-8970 | Incorrect Authorization in GitLab — GitLab, CWE-863 | 8.2 | High | 2024-10-11 |
| CVE-2024-5005 | Incorrect Provision of Specified Functionality in GitLab — GitLab, CWE-684 | 4.3 | Medium | 2024-10-11 |
| CVE-2024-9164 | Missing Authentication for Critical Function in GitLab — GitLab, CWE-306 | 9.6 | Critical | 2024-10-11 |
| CVE-2024-6530 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab, CWE-79 | 7.3 | High | 2024-10-10 |
| CVE-2024-8977 | Server-Side Request Forgery (SSRF) in GitLab — GitLab, CWE-918 | 8.2 | High | 2024-10-10 |
| CVE-2024-9596 | Inclusion of Sensitive Information in Source Code in GitLab — GitLab, CWE-540 | 3.7 | Low | 2024-10-10 |
| CVE-2024-9623 | Incorrect Authorization in GitLab — GitLab, CWE-863 | 4.9 | Medium | 2024-10-10 |
| CVE-2023-3441 | Exposure of Sensitive Information Due to Incompatible Policies in GitLab — GitLab, CWE-213 | 6.6 | Medium | 2024-10-01 |
| CVE-2024-4099 | Improper Encoding or Escaping of Output in GitLab — GitLab, CWE-116 | 3.1 | Low | 2024-09-26 |
| CVE-2024-8974 | Incorrect Provision of Specified Functionality in GitLab — GitLab, CWE-684 | 2.6 | Low | 2024-09-26 |
| CVE-2024-4278 | Incorrect Synchronization in GitLab — GitLab, CWE-821 | 5.5 | Medium | 2024-09-26 |
| CVE-2024-4283 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab — GitLab, CWE-601 | 6.4 | Medium | 2024-09-16 |
| CVE-2024-6685 | Authorization Bypass Through User-Controlled Key in GitLab — GitLab, CWE-639 | 3.1 | Low | 2024-09-16 |
| CVE-2024-8311 | Improper Protection of Alternate Path in GitLab — GitLab, CWE-424 | 6.5 | Medium | 2024-09-12 |
| CVE-2024-4472 | Insertion of Sensitive Information into Log File in GitLab — GitLab, CWE-532 | 4.0 | Medium | 2024-09-12 |
| CVE-2024-6678 | Authentication Bypass by Spoofing in GitLab — GitLab, CWE-290 | 9.9 | Critical | 2024-09-12 |
| CVE-2024-8641 | Privilege Context Switching Error in GitLab — GitLab, CWE-270 | 6.7 | Medium | 2024-09-12 |
| CVE-2024-8631 | Privilege Defined With Unsafe Actions in GitLab — GitLab, CWE-267 | 5.5 | Medium | 2024-09-12 |
| CVE-2024-8754 | External Control of Critical State Data in GitLab — GitLab, CWE-642 | 6.4 | Medium | 2024-09-12 |
| CVE-2024-8635 | Server-Side Request Forgery (SSRF) in GitLab — GitLab, CWE-918 | 7.7 | High | 2024-09-12 |
| CVE-2024-2743 | Incorrect Authorization in GitLab — GitLab, CWE-863 | 5.3 | Medium | 2024-09-12 |
| CVE-2024-4612 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab — GitLab, CWE-601 | 6.4 | Medium | 2024-09-12 |
| CVE-2024-4660 | Missing Authorization in GitLab — GitLab, CWE-862 | 6.5 | Medium | 2024-09-12 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.