
GitLab — Vulnerabilities & Security Advisories (1012)

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

2026-04-23 · High · GitLab Patch Release: 18.11.1, 18.10.4, 18.9.6 | GitLab Docs
2026-04-09 · High · GitLab Patch Release: 18.10.3, 18.9.5, 18.8.9 | GitLab
2026-04-04 · High · CVE-2021-22205 · fix(flows, executions): SQL injection vulnerabilities in label search · kestra-io/kestra@3926762 · GitHub
2026-04-04 · High · CVE-2024-6385 · Merge branch 'sec_chapter_export' into development · BookStackApp/BookStack@8a59895 · GitHub
2026-04-04 · Unknown · Fix bash automation command injection by melohagan · Pull Request #18238 · Budibase/budibase · GitHub
2026-04-04 · Critical · Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step · Advisory · Budibase/budibase · GitH
2026-04-04 · High · fix: ensure users uploading tools need admin permission on the model · juju/juju@22cdcf6 · GitHub
2026-04-03 · Critical · CVE-2024-39934 · mcp: add automatic DNS rebinding protection for localhost servers (#760) · modelcontextprotocol/go-sdk@67bd3f2 · GitHub
2026-04-03 · Critical · Unauthenticated Workflow Execution via ManualAPI · Advisory · OneUptime/oneuptime · GitHub
2026-04-03 · High · CVE-2023-38325 · [Frontend] Remove librosa from audio dependency by Isotr0py · Pull Request #37058 · vllm-project/vllm · GitHub
2026-04-03 · High · CVE-2024-9385 · fix(infra): align env key normalization in approval binding path by pgondhi987 · Pull Request #59182 · openclaw/openclaw
2026-04-02 · High · CVE-2023-7023 · Merge commit from fork · Admidio/admidio@707171c · GitHub
2026-04-02 · Critical · CVE-2024-39934 · fix(security): parameterize Postgres query parser to prevent SQL inje… · alerta/alerta@fdd52cd · GitHub
2026-04-02 · High · CVE-2024-9380 · [PR #12302/2dc02ee0 backport][3.13] Skip duplicate singleton header c… · aio-libs/aiohttp@53e2e6f · GitHub
2026-04-02 · Critical · [PR #12240/345d2537 backport][3.13] Reject duplicate singleton header… · aio-libs/aiohttp@e00ca3c · GitHub
2026-04-02 · Unknown · SECURITY: Validate sso_destination_url cookie to prevent open redirect · discourse/discourse@080408b · GitHub
2026-04-02 · High · CVE-2024-38238 · SECURITY: Stored XSS via unescaped assignee name · discourse/discourse@46edb17 · GitHub
2026-04-02 · High · CVE-2021-22205 · fix: Validate sort_by parameter against allowlist in repositories (#1… · HiEventsDev/Hi.Events@01e1aee · GitHub
2026-04-02 · Critical · CVE-2024-38238 · fix(webhook/downloadFrom): better default security and DX for allow /… · gotenberg/gotenberg@8625a4e · GitHub
2026-02-26 · High · GitLab Patch Release: 18.9.1, 18.8.5, 18.7.5 | GitLab

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.