Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 336
CVE-2023-5600
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.
CVE-2023-5600
An issue has been discovered in GitLab EE affecting all versions start ...
CVE-2024-4994
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.
CVE-2024-4994
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
CVE-2024-4025
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page.
CVE-2024-4025
A Denial of Service (DoS) condition has been discovered in GitLab CE/E ...
CVE-2024-4025
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page.
CVE-2024-4994
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.
CVE-2025-5121
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
CVE-2025-5121
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-5600 An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template. | CVSS3: 3.1 | 0% Низкий | 8 месяцев назад |
| CVE-2023-5600 An issue has been discovered in GitLab EE affecting all versions start ... | CVSS3: 3.1 | 0% Низкий | 8 месяцев назад |
| CVE-2024-4994 An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations. | CVSS3: 8.1 | 0% Низкий | 8 месяцев назад |
| CVE-2024-4994 An issue has been discovered in GitLab CE/EE affecting all versions fr ... | CVSS3: 8.1 | 0% Низкий | 8 месяцев назад |
| CVE-2024-4025 A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page. | CVSS3: 6.5 | 0% Низкий | 8 месяцев назад |
| CVE-2024-4025 A Denial of Service (DoS) condition has been discovered in GitLab CE/E ... | CVSS3: 6.5 | 0% Низкий | 8 месяцев назад |
 | CVE-2024-4025 A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page. | CVSS3: 6.5 | 0% Низкий | 8 месяцев назад |
| CVE-2024-4994 An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations. | CVSS3: 8.1 | 0% Низкий | 8 месяцев назад |
| CVE-2025-5121 An issue has been discovered in GitLab CE/EE affecting all versions fr ... | CVSS3: 8.5 | 0% Низкий | 8 месяцев назад |
| CVE-2025-5121 An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group. | CVSS3: 8.5 | 0% Низкий | 8 месяцев назад |
Уязвимостей на страницу