Vulnerabilities > Gitlab > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-05 | CVE-2021-39867 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. | 8.1 |
| 2021-10-05 | CVE-2021-39893 | Missing Authorization vulnerability in Gitlab A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. | 7.5 |
| 2021-08-25 | CVE-2021-22236 | Incorrect Authorization vulnerability in Gitlab 14.1.0/14.1.1 Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. | 8.8 |
| 2021-07-07 | CVE-2021-22230 | Unspecified vulnerability in Gitlab Improper code rendering while rendering merge requests could be exploited to submit malicious code. | 7.2 |
| 2021-07-06 | CVE-2021-22229 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. | 7.5 |
| 2021-06-08 | CVE-2021-22214 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited | 8.6 |
| 2021-05-06 | CVE-2021-22209 | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. | 7.5 |
| 2021-04-02 | CVE-2021-22200 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. | 7.5 |
| 2021-04-01 | CVE-2021-22195 | Uncontrolled Search Path Element vulnerability in Gitlab Gitlab-Vscode-Extension Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system | 7.8 |
| 2021-03-24 | CVE-2021-22192 | Unspecified vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. | 8.8 |