GitLab — Vulnerabilities & Security Advisories (1012)

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

Found 949 results / 1012
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-6385 | Improper Access Control in GitLab — GitLab | CWE-284 | 9.6 | Critical | 2024-07-11 |
| CVE-2024-2177 | Improper Restriction of Rendered UI Layers or Frames in GitLab — GitLab | CWE-1021 | 6.8 | Medium | 2024-07-09 |
| CVE-2024-1493 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-06-26 |
| CVE-2024-1816 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-400 | 5.3 | Medium | 2024-06-26 |
| CVE-2024-2191 | Improper Access Control in GitLab — GitLab | CWE-284 | 5.3 | Medium | 2024-06-26 |
| CVE-2024-3115 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLab | CWE-862 | 4.3 | Medium | 2024-06-26 |
| CVE-2024-3959 | Improper Authorization in GitLab — GitLab | CWE-285 | 6.5 | Medium | 2024-06-26 |
| CVE-2024-4011 | Improper Access Control in GitLab — GitLab | CWE-863 | 3.1 | Low | 2024-06-26 |
| CVE-2024-4557 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-400 | 6.5 | Medium | 2024-06-26 |
| CVE-2024-4901 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2024-06-26 |
| CVE-2024-5655 | Improper Access Control in GitLab — GitLab | CWE-284 | 9.6 | Critical | 2024-06-26 |
| CVE-2024-5430 | Improper Access Control in GitLab — GitLab | CWE-284 | 6.8 | Medium | 2024-06-26 |
| CVE-2024-6323 | Improper Isolation or Compartmentalization in GitLab — GitLab | CWE-863 | 7.5 | High | 2024-06-26 |
| CVE-2024-5469 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-754 | 3.1 | Low | 2024-06-14 |
| CVE-2024-1736 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-06-12 |
| CVE-2024-1495 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-06-12 |
| CVE-2024-1963 | Uncontrolled Resource Consumption in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-06-12 |
| CVE-2024-4201 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 4.4 | Medium | 2024-06-12 |
| CVE-2024-5318 | Missing Authorization in GitLab — GitLab | CWE-862 | 4.0 | Medium | 2024-05-24 |
| CVE-2023-6502 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 4.3 | Medium | 2024-05-23 |
| CVE-2023-7045 | Cross-Site Request Forgery (CSRF) in GitLab — GitLab | CWE-352 | 5.4 | Medium | 2024-05-23 |
| CVE-2024-1947 | Improper Handling of Highly Compressed Data (Data Amplification) in GitLab — GitLab | CWE-409 | 4.3 | Medium | 2024-05-23 |
| CVE-2024-5258 | Authorization Bypass Through User-Controlled Key in GitLab — GitLab | CWE-639 | 4.4 | Medium | 2024-05-23 |
| CVE-2024-2874 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2024-05-23 |
| CVE-2024-4835 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.0 | High | 2024-05-23 |
| CVE-2023-6682 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-05-09 |
| CVE-2023-6688 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-05-09 |
| CVE-2024-2454 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2024-05-09 |
| CVE-2024-2651 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2024-05-09 |
| CVE-2024-4539 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 4.3 | Medium | 2024-05-09 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.