2020

CVE-2020-7968 (v3: 7.5) 5 Feb 2020
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.

2019

CVE-2019-15585 (v3: 9.8) 28 Jan 2020
Improper authentication exists in GitLab Community Edition (CE) and Enterprise Edition (EE) < 12.3.2, < 12.2.6, and < 12.1.12: the GitLab SAML integration had a validation issue that permitted an attacker to take over another user's account.
CVE-2019-5486 (v3: 8.8) 18 Dec 2019
An authentication bypass vulnerability exists in GitLab CE/EE
CVE-2019-15737 (v3: 6.5) 16 Sep 2019
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management.
CVE-2019-5473 (v3: 7.2) 9 Sep 2019
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.

2018

CVE-2018-20489 (v3: 5.3) 30 Dec 2019
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control.

2017

2016

2015

2014

2013

CVE-2013-4580 (v2: 6.8) 12 May 2014
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.

2012

2011