Gitlab vulnerabilities rated High

DATE        CVE             VULNERABILITY TITLE
            Description
            Risk: attack vector | attack complexity | product | CWE (where given) | score

2021-06-08  CVE-2021-22214  Server-Side Request Forgery (SSRF) vulnerability in Gitlab
            When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker, even on a GitLab instance where registration is limited.
            Risk: network | low complexity | gitlab | CWE-918 | 8.6

2021-05-06  CVE-2021-22209  Incorrect Authorization vulnerability in Gitlab
            An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8.
            Risk: network | low complexity | gitlab | CWE-863 | 7.5

2021-04-02  CVE-2021-22200  Unspecified vulnerability in Gitlab
            An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6.
            Risk: network | low complexity | gitlab | 7.5

2021-04-01  CVE-2021-22195  Uncontrolled Search Path Element vulnerability in Gitlab Gitlab-Vscode-Extension
            Client-side code execution in gitlab-vscode-extension v3.15.0 and earlier allows an attacker to execute code on the user's system.
            Risk: local | low complexity | gitlab | CWE-427 | 7.8

2021-03-24  CVE-2021-22192  Unspecified vulnerability in Gitlab
            An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2, allowing unauthorized authenticated users to execute arbitrary code on the server.
            Risk: network | low complexity | gitlab | 8.8

2021-03-04  CVE-2021-22189  Improper Certificate Validation vulnerability in Gitlab
            Starting with version 13.7, the GitLab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
            Risk: network | low complexity | gitlab | CWE-295 | 7.2

2021-01-15  CVE-2021-22167  Unspecified vulnerability in Gitlab
            An issue has been discovered in GitLab affecting all versions starting from 12.1.
            Risk: network | low complexity | gitlab | 7.5

2021-01-15  CVE-2021-22166  Resource Exhaustion vulnerability in Gitlab 13.7.0/13.7.1
            An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method.
            Risk: network | low complexity | gitlab | CWE-400 | 7.5

2020-11-19  CVE-2020-13359  Unspecified vulnerability in Gitlab
            The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation, allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls.
            Risk: network | low complexity | gitlab | 7.6

2020-11-19  CVE-2020-13356  Unspecified vulnerability in Gitlab
            An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9.
            Risk: network | low complexity | gitlab | 8.2