This list aggregates NVD, CVE, and other threat feeds and tracks high-risk issues such as RCE. Each entry combines its CVSS score with an EPSS score, together with known exploit (Exp) and PoC availability, to estimate real-world exploitability. Paired with the vendor's official patch and remediation guidance, this lets you prioritise vulnerability management work, shorten response cycles, and protect critical assets.
Assigner (CNA / source): [email protected]
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-12635 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through mirror synchronization due to improper URL validation. | 0.0 | 0.17% | 2026-06-25 | 2026-06-25 |
| CVE-2021-39911 | An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes the private email address of Issue and Merge Request assignees to webhook data consumers. | 1.7 | 0.67% | 2021-11-04 | 2026-06-17 |
| CVE-2025-13611 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions. | 2.0 | 0.21% | 2025-11-26 | 2026-06-17 |
| CVE-2023-3511 | An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a member of. | 2.0 | 0.40% | 2023-12-15 | 2026-06-17 |
| CVE-2022-1426 | An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly authenticating a user that had a certain amount of information, which allowed a user to authenticate without a personal access token. | 2.0 | 0.85% | 2022-05-11 | 2026-06-17 |
| CVE-2021-39900 | Information disclosure from SendEntry in GitLab starting with 10.8 allowed the full URL of artifacts stored in object storage (with temporary availability) to be exposed via Rails logs. | 2.0 | 0.61% | 2021-10-04 | 2026-06-17 |
| CVE-2025-12697 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions. | 2.2 | 0.29% | 2026-03-11 | 2026-06-17 |
| CVE-2023-4875 | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 2.2 | 0.51% | 2023-09-09 | 2026-06-17 |
| CVE-2022-2534 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration. | 2.2 | 0.55% | 2022-08-05 | 2026-06-17 |
| CVE-2021-39879 | Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication | 2.2 | 0.40% | 2021-10-04 | 2026-06-17 |
| CVE-2022-1111 | A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages | 2.4 | 0.59% | 2022-04-04 | 2026-06-17 |
| CVE-2021-22202 | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API. | 2.4 | 0.48% | 2021-04-02 | 2026-06-16 |
| CVE-2020-13353 | When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. | 2.5 | 0.27% | 2020-11-16 | 2026-06-16 |
| CVE-2026-9694 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply due to improper neutralization in email template processing. | 2.6 | 0.21% | 2026-06-11 | 2026-06-17 |
| CVE-2026-6883 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records. | 2.6 | 0.15% | 2026-05-14 | 2026-06-17 |
| CVE-2024-8974 | Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1: in specific conditions it was possible to disclose the path of a private project to an unauthorised user. | 2.6 | 0.27% | 2024-09-26 | 2026-06-17 |
| CVE-2024-7060 | An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows unauthorized users to view the resultant export. | 2.6 | 0.29% | 2024-07-24 | 2026-06-17 |
| CVE-2023-6195 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image value when importing a GitHub repository. | 2.6 | 0.29% | 2025-01-30 | 2026-06-17 |
| CVE-2023-4912 | An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using maliciously crafted Mermaid diagram input. | 2.6 | 0.57% | 2023-12-01 | 2026-06-17 |
| CVE-2023-2013 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 1.2 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code. | 2.6 | 0.69% | 2023-06-07 | 2026-06-17 |
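The affected-version ranges in the descriptions above follow a fixed phrasing ("all versions from X before Y", "X prior to Y"), which makes the listing machine-checkable. The script below is an added example, not code from this site or from GitLab: it parses those ranges out of a handful of rows copied from the table, reports which entries affect a given GitLab version, and orders the hits by the EPSS and max-CVSS columns the listing carries. The `ROWS` sample and the `triage` / `is_affected` helpers are constructed for this example. Entries whose description gives no fixed version (such as CVE-2021-39879, "since version 7.11.0") are returned separately for manual review rather than silently treated as safe.

```python
import re
from typing import Optional

# Constructed sample rows, copied from the listing above:
# (CVE ID, description, max CVSS, EPSS %).
ROWS = [
    ("CVE-2026-12635",
     "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, "
     "19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an "
     "authenticated user with maintainer-role permissions to make requests to internal network resources.",
     0.0, 0.17),
    ("CVE-2026-9694",
     "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, "
     "18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an unauthenticated user to "
     "impersonate the GitLab Support Bot.",
     2.6, 0.21),
    ("CVE-2026-6883",
     "GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, "
     "18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to "
     "bypass merge request approval requirements.",
     2.6, 0.15),
    ("CVE-2024-7060",
     "An information disclosure vulnerability in GitLab CE/EE in project/group exports affecting all "
     "versions from 15.4 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1.",
     2.6, 0.29),
    ("CVE-2021-39879",
     "Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker "
     "with access to a victim's session to disable two-factor authentication",
     2.2, 0.40),
]

# Matches "<low> before <high>" and "<low> prior to <high>" pairs, the two
# phrasings GitLab uses in the descriptions on this page.
RANGE_RE = re.compile(r"(\d+(?:\.\d+)*)\s+(?:before|prior to)\s+(\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple:
    """'18.11' -> (18, 11, 0): pad to three components so '19' and '19.0'
    both mean 19.0.0 and tuple comparison behaves like semantic ordering."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def affected_ranges(description: str) -> list:
    """Return [(low, high), ...] with low inclusive and high exclusive."""
    return [(parse_version(lo), parse_version(hi)) for lo, hi in RANGE_RE.findall(description)]


def is_affected(version: str, description: str) -> Optional[bool]:
    """True/False when the description carries parseable ranges; None when it
    does not (e.g. 'since version 7.11.0' with no fixed version), so the caller
    can flag the entry for manual review instead of assuming it is safe."""
    ranges = affected_ranges(description)
    if not ranges:
        return None
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in ranges)


def triage(version: str, rows=ROWS):
    """Split rows into (affected, unresolved). Affected IDs are ordered by EPSS
    descending, then max CVSS descending, i.e. the prioritisation this listing
    describes. Unresolved IDs had no parseable version range."""
    affected, unresolved = [], []
    for cve, desc, cvss, epss in rows:
        hit = is_affected(version, desc)
        if hit is None:
            unresolved.append(cve)
        elif hit:
            affected.append((cve, cvss, epss))
    affected.sort(key=lambda r: (r[2], r[1]), reverse=True)
    return [cve for cve, _, _ in affected], unresolved


if __name__ == "__main__":
    hits, unknown = triage("18.11.4")
    print("affected, highest EPSS first:", hits)
    print("needs manual review:", unknown)
```

Running this for an instance on 18.11.4 flags CVE-2026-9694 and CVE-2026-12635 and leaves CVE-2021-39879 in the manual-review list. The regex is a fallback for prose-only descriptions; where a feed provides structured version data (for example NVD CPE match ranges), prefer that over parsing text, and treat an empty parse as "unknown", never as "not affected".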