Vulnerabilities > Gitlab
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-06 | CVE-2021-22226 | Unspecified vulnerability in Gitlab Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 | 6.5 |
| 2021-07-06 | CVE-2021-22229 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. | 7.5 |
| 2021-07-06 | CVE-2021-22232 | Injection vulnerability in Gitlab HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE | 5.4 |
| 2021-06-24 | CVE-2021-32823 | In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. | 3.7 |
| 2021-06-11 | CVE-2021-22175 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is disabled | 9.8 |
| 2021-06-11 | CVE-2021-22181 | Resource Exhaustion vulnerability in Gitlab A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. | 6.5 |
| 2021-06-08 | CVE-2021-22216 | Resource Exhaustion vulnerability in Gitlab A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description | 6.5 |
| 2021-06-08 | CVE-2021-22220 | Cross-site Scripting vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting with 13.10. | 5.4 |
| 2021-06-08 | CVE-2021-22213 | Unspecified vulnerability in Gitlab A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari | 6.5 |
| 2021-06-08 | CVE-2021-22217 | Unspecified vulnerability in Gitlab A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request | 6.5 |