Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:-:*:*:*:-:*:*:*
part: a version: - update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | - |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.108459 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-2279 |
vulnerable | 2026-06-03 14:55:28.866523 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (8.7)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
Published: 2024-04-12T00:53:21.240Z
Updated: 2026-05-02T04:05:37.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5612 |
vulnerable | 2026-06-03 14:53:49.087665 |
Missing Authorization in GitLab
MEDIUM (5.3)
An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled.
Published: 2024-01-26T02:02:39.783Z
Updated: 2025-11-20T04:10:48.267Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.