libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-06-15
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1
CVSS Score
6.1
EPSS Score
0.003
Published
2020-06-10
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-04-22
GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-04-08
GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-04-08
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.
CVSS Score
5.5
EPSS Score
0.074
Published
2020-04-08
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-03-27
GitLab through 12.9 is affected by a potential DoS in repository archive download.
CVSS Score
7.5
EPSS Score
0.001
Published
2020-03-27
GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-27
GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-13