Total
33665 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6477 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 6.7 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.5 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. When a user is assigned a custom role with admin_group_member permission, they may be able to make a group, other members or themselves Owners of that group, which may lead to privilege escalation. | ||||
| CVE-2023-5995 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.4 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects. | ||||
| CVE-2023-5612 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled. | ||||
| CVE-2023-5226 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.8 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to manipulate repository content in the UI. | ||||
| CVE-2023-5207 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 8.2 High |
| A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. | ||||
| CVE-2023-4912 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 2.6 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input. | ||||
| CVE-2023-4812 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 7.6 High |
| An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request. | ||||
| CVE-2023-4658 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 3.1 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group. | ||||
| CVE-2023-4532 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. | ||||
| CVE-2023-4522 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit. | ||||
| CVE-2023-4317 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch. | ||||
| CVE-2023-3979 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch. | ||||
| CVE-2023-3964 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings. | ||||
| CVE-2023-3949 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 5.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members. | ||||
| CVE-2023-3932 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 5.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. | ||||
| CVE-2023-3917 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail. | ||||
| CVE-2023-3900 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load. | ||||
| CVE-2023-3484 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 8 High |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations. | ||||
| CVE-2023-3443 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items. | ||||
| CVE-2023-3413 | 1 Gitlab | 1 Gitlab | 2025-11-20 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members. | ||||