Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.

Релизный цикл, информация об уязвимостях

Продукт: Gitlab

Вендор: gitlab

График релизов

Недавние уязвимости Gitlab

Количество 5 336

CVE-2023-6195

около 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions st ...

CVSS3: 2.6

EPSS: Низкий

CVE-2024-1211

около 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.

CVSS3: 6.4

EPSS: Низкий

CVE-2023-6195

около 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository.

CVSS3: 2.6

EPSS: Низкий

GHSA-j6mm-pjh3-2fh5

около 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.

CVSS3: 4.3

EPSS: Низкий

CVE-2025-0290

около 1 года назад

CVSS3: 4.3

EPSS: Низкий

CVE-2025-0290

около 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions st ...

CVSS3: 4.3

EPSS: Низкий

CVE-2025-0290

около 1 года назад

CVSS3: 4.3

EPSS: Низкий

GHSA-rww2-m274-8f9v

около 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.

CVSS3: 8.7

EPSS: Низкий

GHSA-rppq-5vq8-crrp

около 1 года назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint.

CVSS3: 6.4

EPSS: Низкий

CVE-2025-0314

около 1 года назад

CVSS3: 8.7

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2023-6195 An issue has been discovered in GitLab CE/EE affecting all versions st ...	CVSS3: 2.6	0% Низкий	около 1 года назад
CVE-2024-1211 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.	CVSS3: 6.4	0% Низкий	около 1 года назад
CVE-2023-6195 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository.	CVSS3: 2.6	0% Низкий	около 1 года назад
GHSA-j6mm-pjh3-2fh5 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.	CVSS3: 4.3	0% Низкий	около 1 года назад
CVE-2025-0290 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.	CVSS3: 4.3	0% Низкий	около 1 года назад
CVE-2025-0290 An issue has been discovered in GitLab CE/EE affecting all versions st ...	CVSS3: 4.3	0% Низкий	около 1 года назад
CVE-2025-0290 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.	CVSS3: 4.3	0% Низкий	около 1 года назад
GHSA-rww2-m274-8f9v An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.	CVSS3: 8.7	2% Низкий	около 1 года назад
GHSA-rppq-5vq8-crrp An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint.	CVSS3: 6.4	0% Низкий	около 1 года назад
CVE-2025-0314 An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.	CVSS3: 8.7	2% Низкий	около 1 года назад

Уязвимостей на страницу