| CVE-2021-22171 |
High |
Yes |
Authentication bypass |
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ would allow stealing a user's API access token. The issue is mitigated... |
| CVE-2021-22168 |
Medium |
Yes |
Denial of service |
A regular expression denial of service issue has been discovered in the NuGet API affecting all versions of GitLab starting from version 12.8. The issue is... |
| CVE-2021-22167 |
Medium |
Yes |
Information disclosure |
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers within a specific project page allow attackers to have... |
| CVE-2021-22166 |
Medium |
Yes |
Denial of service |
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method. The issue is mitigated in GitLab... |
| CVE-2020-26414 |
Medium |
Yes |
Denial of service |
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution... |