Vulnerabilities > Gitlab > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-19 | CVE-2020-13274 | Unspecified vulnerability in Gitlab A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1 | 7.5 |
| 2020-06-19 | CVE-2020-13273 | Unspecified vulnerability in Gitlab A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | 7.5 |
| 2020-06-19 | CVE-2020-13272 | Insufficient Verification of Data Authenticity vulnerability in Gitlab OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow | 8.8 |
| 2020-06-10 | CVE-2020-13270 | Missing Authorization vulnerability in Gitlab Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API | 8.8 |
| 2020-04-22 | CVE-2020-11506 | HTTP Request Smuggling vulnerability in Gitlab An issue was discovered in GitLab 10.7.0 and later through 12.9.2. | 7.5 |
| 2020-04-22 | CVE-2020-11505 | HTTP Request Smuggling vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. | 7.5 |
| 2020-04-08 | CVE-2020-10976 | Information Exposure vulnerability in Gitlab GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. | 7.5 |
| 2020-03-27 | CVE-2020-10954 | Resource Exhaustion vulnerability in Gitlab GitLab through 12.9 is affected by a potential DoS in repository archive download. | 7.5 |
| 2020-03-27 | CVE-2020-10953 | Path Traversal vulnerability in Gitlab In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue. | 7.5 |
| 2020-03-13 | CVE-2020-10073 | Unspecified vulnerability in Gitlab GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. | 7.5 |