GitLab — Vulnerabilities & Security Advisories 1012

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-3909 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 4.3 | Medium | 2023-11-06 |
| CVE-2023-3246 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 4.3 | Medium | 2023-11-06 |
| CVE-2023-5825 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab — GitLab | CWE-835 | 6.5 | Medium | 2023-11-06 |
| CVE-2023-5831 | Insertion of Sensitive Information Into Sent Data in GitLab — GitLab | CWE-201 | 3.7 | Low | 2023-11-06 |
| CVE-2023-5106 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 8.2 | High | 2023-10-02 |
| CVE-2023-5207 | Execution with Unnecessary Privileges in GitLab — GitLab | CWE-250 | 8.2 | High | 2023-09-30 |
| CVE-2023-3413 | Insertion of Sensitive Information Into Sent Data in GitLab — GitLab | CWE-201 | 6.5 | Medium | 2023-09-29 |
| CVE-2023-3922 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab — GitLab | CWE-601 | 3.0 | Low | 2023-09-29 |
| CVE-2023-5198 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 4.3 | Medium | 2023-09-29 |
| CVE-2023-0989 | Improper Ownership Management in GitLab — GitLab | CWE-282 | 4.3 | Medium | 2023-09-29 |
| CVE-2023-2233 | Missing Authorization in GitLab — GitLab | CWE-862 | 3.1 | Low | 2023-09-29 |
| CVE-2023-3115 | Incorrect User Management in GitLab — GitLab | CWE-286 | 5.4 | Medium | 2023-09-29 |
| CVE-2023-3920 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 4.3 | Medium | 2023-09-29 |
| CVE-2023-3917 | Improper Validation of Specified Type of Input in GitLab — GitLab | CWE-1287 | 4.3 | Medium | 2023-09-29 |
| CVE-2023-3914 | Incorrect User Management in GitLab — GitLab | CWE-286 | 5.4 | Medium | 2023-09-29 |
| CVE-2023-3906 | Improper Validation of Specified Type of Input in GitLab — GitLab | CWE-1287 | 3.5 | Low | 2023-09-29 |
| CVE-2023-3979 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 3.1 | Low | 2023-09-29 |
| CVE-2023-4532 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 4.3 | Medium | 2023-09-29 |
| CVE-2023-5009 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 9.6 | High | 2023-09-19 |
| CVE-2023-4630 | Missing Authorization in GitLab — GitLab | CWE-862 | 5.0 | Medium | 2023-09-11 |
| CVE-2023-3210 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2023-09-01 |
| CVE-2023-3950 | Cleartext Storage of Sensitive Information in GitLab — GitLab | CWE-312 | 5.5 | Medium | 2023-09-01 |
| CVE-2023-4018 | Direct Request ('Forced Browsing') in GitLab — GitLab | CWE-425 | 4.3 | Medium | 2023-09-01 |
| CVE-2023-4378 | Insertion of Sensitive Information Into Sent Data in GitLab — GitLab | CWE-201 | 5.5 | Medium | 2023-09-01 |
| CVE-2023-4647 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 5.3 | Medium | 2023-09-01 |
| CVE-2022-4343 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab — GitLab | CWE-200 | 5.0 | Medium | 2023-09-01 |
| CVE-2023-0120 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 3.5 | Low | 2023-09-01 |
| CVE-2023-1279 | URL Redirection to Untrusted Site in GitLab — GitLab | CWE-601 | 2.6 | Low | 2023-09-01 |
| CVE-2023-1555 | Missing Authorization in GitLab — GitLab | CWE-262 | 2.7 | Low | 2023-09-01 |
| CVE-2023-3205 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2023-09-01 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.