gitlab vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the gitlab package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
L Incorrect Authorization	*
L Incorrect Ownership Assignment	*
L Cross-site Scripting (XSS)	*
L Allocation of Resources Without Limits or Throttling	*
L Cross-site Scripting (XSS)	*
L CVE-2024-8970	*
L CVE-2024-5005	*
M Cross-site Scripting (XSS)	*
M Incorrect Authorization	*
L CVE-2023-3441	<16.4.4+ds2-1
M Incorrect Authorization	*
M CVE-2024-6685	*
H Inefficient Regular Expression Complexity	*
M Information Exposure	*
H Authentication Bypass	*
M Information Exposure Through Log Files	*
L CVE-2024-6446	*
M CVE-2024-6389	*
H CVE-2024-8754	*
H CVE-2024-8641	*
M CVE-2024-8041	*
M CVE-2024-6502	*
M CVE-2024-7554	*
M CVE-2024-7610	*
H Improper Encoding or Escaping of Output	*
M Improper Authentication	*
M Inefficient Regular Expression Complexity	*
H Inefficient Regular Expression Complexity	*
M CVE-2024-5423	*
M Cross-site Scripting (XSS)	*
M CVE-2024-4210	*
H Authorization Bypass Through User-Controlled Key	*
M Arbitrary Code Injection	*
L Arbitrary Code Injection	*
M Cross-site Scripting (XSS)	*
M CVE-2024-7057	*
M CVE-2024-7060	*
M CVE-2024-7091	*
L CVE-2024-2177	*
L CVE-2024-5528	*
L CVE-2024-2880	*
C CVE-2024-6385	*
M Unrestricted Upload of File with Dangerous Type	*
M Cross-site Scripting (XSS)	*
H CVE-2024-5655	*
M Inefficient Regular Expression Complexity	*
M CVE-2024-2191	*
M Resource Exhaustion	*
M Incorrect Authorization	*
M CVE-2024-5430	*
M CVE-2024-3959	*
M CVE-2024-1816	*
M Inefficient Regular Expression Complexity	*
M Improper Check for Unusual or Exceptional Conditions	*
M Cross-site Scripting (XSS)	*
M Inefficient Regular Expression Complexity	*
M Inefficient Regular Expression Complexity	*
L CVE-2024-5258	*
L CVE-2024-4835	*
L CVE-2023-7045	*
L CVE-2024-1947	*
L CVE-2024-2874	*
L CVE-2023-6502	*
L CVE-2023-6688	*
L CVE-2023-6682	*
L CVE-2024-4539	*
L CVE-2024-2454	*
L CVE-2024-2651	*
L CVE-2024-2829	*
L CVE-2024-1347	*
L CVE-2024-2434	*
L CVE-2024-4006	*
L CVE-2024-4024	*
L CVE-2024-3092	*
L CVE-2023-6678	*
L CVE-2024-2279	*
L CVE-2023-6489	*
L CVE-2024-2818	*
L CVE-2023-6371	*
L CVE-2024-0199	<16.8.4-1
L CVE-2024-1299	<16.8.4-1
H CVE-2024-0410	<16.8.3-1
M CVE-2024-1525	*
M CVE-2023-3509	<16.8.3-1
L CVE-2023-6386	<16.6.7-1
M CVE-2023-6840	<16.6.7-1
M Allocation of Resources Without Limits or Throttling	<16.6.7-1
M Cross-site Scripting (XSS)	<16.6.6-1
M Inefficient Regular Expression Complexity	<16.6.6-1
M CVE-2023-5612	<16.6.6-1
C Directory Traversal	<16.6.6-1
M CVE-2024-0456	<16.6.6-1
H Incorrect Authorization	<16.6.5-3
M Improper Verification of Cryptographic Signature	<16.6.5-3
C Weak Password Recovery Mechanism for Forgotten Password	<16.4.5+ds2-1
M Missing Authorization	<16.6.5-3
M CVE-2023-4812	<16.6.5-3
M CVE-2023-5061	<16.4.4+ds2-2
M Arbitrary Code Injection	<16.4.4+ds2-2
M Arbitrary Code Injection	<16.4.4+ds2-2
H CVE-2023-5226	<16.4.4+ds2-2
M CVE-2023-3964	<16.4.4+ds2-2
M CVE-2023-3443	<16.4.4+ds2-2
M CVE-2023-4317	<16.4.4+ds2-2
M Cross-site Scripting (XSS)	<16.4.4+ds2-2
M CVE-2023-3949	<16.4.4+ds2-2
M Allocation of Resources Without Limits or Throttling	<16.4.4+ds2-2
M Inefficient Regular Expression Complexity	<16.4.4+ds2-2
M Loop with Unreachable Exit Condition ('Infinite Loop')	<16.4.4+ds2-2
M CVE-2023-5831	<16.4.4+ds2-2
H CVE-2023-3399	<16.4.4+ds2-2
M CVE-2023-0989	<16.4.4+ds2-2
M CVE-2023-2233	<16.4.4+ds2-2
M CVE-2023-3979	<16.4.4+ds2-2
M CVE-2023-4532	<16.4.4+ds2-2
H CVE-2023-3413	<16.4.4+ds2-2
H Open Redirect	<16.4.4+ds2-2
M Incorrect Authorization	<16.4.4+ds2-2
M CVE-2023-5198	<16.4.4+ds2-2
H CVE-2023-5207	<16.4.4+ds2-2
H CVE-2023-3917	<16.4.4+ds2-2
L CVE-2023-4998	<16.4.4+ds2-2
M Inefficient Regular Expression Complexity	<16.4.4+ds2-2
M CVE-2023-4630	<16.4.4+ds2-2
M CVE-2023-4522	<16.4.4+ds2-2
M Open Redirect	<16.4.4+ds2-2
M CVE-2023-0120	<16.4.4+ds2-2
M Inefficient Regular Expression Complexity	<16.4.4+ds2-2
M CVE-2023-1555	<16.4.4+ds2-2
M CVE-2023-4378	<16.4.4+ds2-2
M CVE-2023-4018	<16.4.4+ds2-2
L CVE-2023-4638	<16.4.4+ds2-2
H Allocation of Resources Without Limits or Throttling	<16.4.4+ds2-2
M CVE-2023-2022	<16.0.8+ds1-1
M Arbitrary Code Injection	<16.0.8+ds1-1
M Cross-site Scripting (XSS)	<16.0.8+ds1-1
H CVE-2023-3900	<16.4.4+ds2-2
M CVE-2023-1210	<16.4.4+ds2-2
H Inefficient Regular Expression Complexity	<16.0.8+ds1-1
M Cross-site Scripting (XSS)	<16.0.8+ds1-1
C CVE-2023-4008	<16.0.8+ds1-1
H Inefficient Regular Expression Complexity	<16.4.4+ds2-2
M Directory Traversal	<16.0.8+ds1-1
H Inefficient Regular Expression Complexity	<16.0.8+ds1-1
L CVE-2023-2620	<15.11.11+ds1-1
M Authorization Bypass Through User-Controlled Key	<15.11.11+ds1-1
M Information Exposure	<16.0.7+ds1-2
L Information Exposure Through Log Files	<15.11.11+ds1-1
M CVE-2023-1936	<15.11.11+ds1-1
M CVE-2023-2576	<15.11.11+ds1-1
M Incorrect Authorization	<15.11.11+ds1-1
M Cross-site Scripting (XSS)	<15.11.11+ds1-1
H Inefficient Regular Expression Complexity	<15.11.11+ds1-1
M Time-of-check Time-of-use (TOCTOU)	<15.10.8+ds1-2
M Inefficient Regular Expression Complexity	<16.4.4+ds2-2
H Inefficient Regular Expression Complexity	<15.10.8+ds1-2
M CVE-2022-4462	<15.10.8+ds1-2
M Allocation of Resources Without Limits or Throttling	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
H Inefficient Regular Expression Complexity	<15.10.8+ds1-2
C Arbitrary Command Injection	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
H CVE-2023-0756	<15.10.8+ds1-2
M CVE-2023-1710	<15.10.8+ds1-2
H CVE-2023-1733	<15.10.8+ds1-2
M CVE-2023-1204	<15.10.8+ds1-2
M CVE-2023-0223	<15.10.8+ds1-2
M CVE-2023-2013	<15.10.8+ds1-2
M Arbitrary Code Injection	<15.10.8+ds1-2
M CVE-2022-4376	<15.10.8+ds1-2
M CVE-2023-2485	<15.10.8+ds1-2
M CVE-2023-1787	<15.10.8+ds1-2
M Open Redirect	<15.10.8+ds1-2
M CVE-2023-2001	<15.10.8+ds1-2
H Allocation of Resources Without Limits or Throttling	<15.10.8+ds1-2
M Exposure of Resource to Wrong Sphere	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
L CVE-2023-0483	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M CVE-2023-1098	<15.10.8+ds1-2
M Incorrect Default Permissions	<15.10.8+ds1-2
M Open Redirect	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Incorrect Permission Assignment for Critical Resource	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
L CVE-2023-0838	<15.10.8+ds1-2
M CVE-2023-0508	<15.10.8+ds1-2
M Exposure of Resource to Wrong Sphere	<15.10.8+ds1-2
H Inefficient Regular Expression Complexity	<15.10.8+ds1-2
M CVE-2023-0450	<15.10.8+ds1-2
L CVE-2022-3375	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M CVE-2023-2181	<15.10.8+ds1-2
M CVE-2022-4289	<15.10.8+ds1-2
L CVE-2023-1084	<15.10.8+ds1-2
M Session Fixation	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M Improper Validation of Specified Quantity in Input	<15.10.8+ds1-2
H CVE-2023-0518	<15.10.8+ds1-2
H CVE-2022-3759	<15.10.8+ds1-2
H Cross-site Request Forgery (CSRF)	<15.10.8+ds1-2
M Inefficient Regular Expression Complexity	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
H Race Condition	<15.10.8+ds1-2
H CVE-2022-3613	<15.10.8+ds1-2
M CVE-2022-3870	<15.10.8+ds1-2
M Inefficient Regular Expression Complexity	<15.10.8+ds1-2
M Open Redirect	<15.10.8+ds1-2
M CVE-2022-4365	<15.10.8+ds1-2
L CVE-2022-4342	<15.10.8+ds1-2
M Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
M CVE-2022-4054	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Unrestricted Upload of File with Dangerous Type	<15.10.8+ds1-2
M CVE-2022-4206	<15.10.8+ds1-2
M CVE-2022-3820	<15.10.8+ds1-2
H Access of Resource Using Incompatible Type ('Type Confusion')	<15.10.8+ds1-2
M CVE-2022-3902	<15.10.8+ds1-2
M CVE-2022-3740	<15.10.8+ds1-2
M Missing Authorization	<15.10.8+ds1-2
C CVE-2022-2826	<15.10.8+ds1-2
M CVE-2022-3030	<15.10.8+ds1-2
M CVE-2022-3767	<15.10.8+ds1-2
C CVE-2022-3726	<15.10.8+ds1-2
M CVE-2022-2761	<15.10.8+ds1-2
H OS Command Injection	<15.10.8+ds1-2
M Open Redirect	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M Open Redirect	<15.10.8+ds1-2
M CVE-2022-3793	<15.10.8+ds1-2
M CVE-2022-3483	<15.10.8+ds1-2
M CVE-2022-3706	<15.10.8+ds1-2
M Authorization Bypass Through User-Controlled Key	<15.10.8+ds1-2
H Resource Exhaustion	<15.10.8+ds1-2
M Information Exposure Through Log Files	<15.10.8+ds1-2
H CVE-2022-3285	<15.10.8+ds1-2
H Resource Exhaustion	<15.10.8+ds1-2
M CVE-2022-3330	<15.10.8+ds1-2
M CVE-2022-3288	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M CVE-2022-3325	<15.10.8+ds1-2
H Directory Traversal	<15.10.8+ds1-2
M CVE-2022-3066	<15.10.8+ds1-2
M Exposure of Resource to Wrong Sphere	<15.10.8+ds1-2
M Improper Handling of Exceptional Conditions	<15.10.8+ds1-2
M CVE-2022-3067	<15.10.8+ds1-2
H Improper Authentication	<15.10.8+ds1-2
H Resource Exhaustion	<15.10.8+ds1-2
C Arbitrary Code Injection	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
H CVE-2022-3031	<15.10.8+ds1-2
M Inefficient Regular Expression Complexity	<15.10.8+ds1-2
M CVE-2022-2907	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M CVE-2022-2630	<15.10.8+ds1-2
M Improper Validation of Specified Quantity in Input	<15.10.8+ds1-2
H Cross-site Scripting (XSS)	<15.10.8+ds1-2
H Cross-site Scripting (XSS)	<15.10.8+ds1-2
C OS Command Injection	<15.10.8+ds1-2
M Improper Input Validation	<15.10.8+ds1-2
H Incorrect Authorization	<15.10.8+ds1-2
M CVE-2022-2539	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Improper Authentication	<15.10.8+ds1-2
L Incomplete Cleanup	<15.10.8+ds1-2
L CVE-2022-2456	<15.10.8+ds1-2
M CVE-2022-2534	<15.10.8+ds1-2
M CVE-2022-2512	<15.10.8+ds1-2
H Improper Privilege Management	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M CVE-2022-2497	<15.10.8+ds1-2
H Cross-site Request Forgery (CSRF)	<15.10.8+ds1-2
M CVE-2022-1999	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Incorrect Default Permissions	<15.10.8+ds1-2
M Open Redirect	<15.10.8+ds1-2
M Incorrect Permission Assignment for Critical Resource	<15.10.8+ds1-2
H OS Command Injection	<15.10.8+ds1-2
H CVE-2022-2229	<15.10.8+ds1-2
M Inefficient Regular Expression Complexity	<15.10.8+ds1-2
M CVE-2022-1963	<15.10.8+ds1-2
M Authorization Bypass Through User-Controlled Key	<15.10.8+ds1-2
M CVE-2022-2244	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M CVE-2022-1545	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
H Missing Authorization	<15.10.8+ds1-2
M Improper Input Validation	<15.10.8+ds1-2
L Improper Authentication	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
H Insufficiently Protected Credentials	<15.10.8+ds1-2
M Authorization Bypass Through User-Controlled Key	<15.10.8+ds1-2
M Improper Input Validation	<15.10.8+ds1-2
H Inefficient Regular Expression Complexity	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M CVE-2022-1821	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
H CVE-2022-1680	<15.10.8+ds1-2
H Incorrect Authorization	<15.10.8+ds1-2
M CVE-2022-0477	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
H Arbitrary Code Injection	<15.10.8+ds1-2
M CVE-2022-0373	<15.10.8+ds1-2
H Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
M Improper Certificate Validation	<15.10.8+ds1-2
L Information Exposure Through Log Files	<15.10.8+ds1-2
C Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
C Use of Hard-coded Credentials	<15.10.8+ds1-2
M Missing Authorization	<15.10.8+ds1-2
M Missing Release of Resource after Effective Lifetime	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M CVE-2022-1105	<15.10.8+ds1-2
L CVE-2022-1111	<15.10.8+ds1-2
M CVE-2022-1189	<15.10.8+ds1-2
M Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
M Out-of-bounds Write	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Allocation of Resources Without Limits or Throttling	<15.10.8+ds1-2
H Improper Validation of Specified Quantity in Input	<15.10.8+ds1-2
M Reliance on Cookies without Validation and Integrity Checking	<15.10.8+ds1-2
M Information Exposure	<15.10.8+ds1-2
M CVE-2022-0344	<15.10.8+ds1-2
M Open Redirect	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M CVE-2022-0371	<15.10.8+ds1-2
H CVE-2022-0751	<15.10.8+ds1-2
M CVE-2021-4191	<15.10.8+ds1-2
H Improper Encoding or Escaping of Output	<15.10.8+ds1-2
C CVE-2022-0735	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M CVE-2022-0549	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M CVE-2021-39892	<15.10.8+ds1-2
H Files or Directories Accessible to External Parties	<15.10.8+ds1-2
M Improper Encoding or Escaping of Output	<15.10.8+ds1-2
M CVE-2022-0093	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Improper Privilege Management	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
H Cross-site Request Forgery (CSRF)	<15.10.8+ds1-2
M Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
M Missing Authorization	<15.10.8+ds1-2
M CVE-2022-0151	<15.10.8+ds1-2
M Missing Authorization	<15.10.8+ds1-2
M CVE-2022-0172	<15.10.8+ds1-2
C Improper Authentication	<15.10.8+ds1-2
H Inadequate Encryption Strength	<15.10.8+ds1-2
M Inefficient Regular Expression Complexity	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Improper Input Validation	<15.10.8+ds1-2
M Insufficient Comparison	<15.10.8+ds1-2
M Authorization Bypass Through User-Controlled Key	<15.10.8+ds1-2
M CVE-2021-39931	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
H Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
M Information Exposure	<15.10.8+ds1-2
M Authorization Bypass Through User-Controlled Key	<15.10.8+ds1-2
H Improper Privilege Management	<15.10.8+ds1-2
L Incorrect Authorization	<15.10.8+ds1-2
M Inefficient Regular Expression Complexity	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Weak Password Recovery Mechanism for Forgotten Password	<15.10.8+ds1-2
H Improper Privilege Management	<15.10.8+ds1-2
M Exposure of Resource to Wrong Sphere	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M CVE-2021-39905	<15.10.8+ds1-2
M CVE-2021-39895	<15.10.8+ds1-2
M Allocation of Resources Without Limits or Throttling	<15.10.8+ds1-2
M Improper Privilege Management	<15.10.8+ds1-2
M Exposure of Resource to Wrong Sphere	<15.10.8+ds1-2
M Improper Preservation of Permissions	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Allocation of Resources Without Limits or Throttling	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Allocation of Resources Without Limits or Throttling	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
L CVE-2021-39901	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Improper Privilege Management	<15.10.8+ds1-2
M CVE-2021-22264	<15.10.8+ds1-2
M CVE-2021-22258	<15.10.8+ds1-2
M CVE-2021-22257	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M CVE-2021-39880	<15.10.8+ds1-2
M CVE-2021-39870	<15.10.8+ds1-2
H Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
M Exposure of Resource to Wrong Sphere	<15.10.8+ds1-2
M Incorrect Default Permissions	<15.10.8+ds1-2
M Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
M Information Exposure	<15.10.8+ds1-2
H Missing Authorization	<15.10.8+ds1-2
L CVE-2021-39881	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Cleartext Transmission of Sensitive Information	<15.10.8+ds1-2
M Information Exposure	<15.10.8+ds1-2
M Improper Authentication	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Weak Password Recovery Mechanism for Forgotten Password	<15.10.8+ds1-2
L Exposure of Resource to Wrong Sphere	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M CVE-2021-39874	<15.10.8+ds1-2
M Incorrect Permission Assignment for Critical Resource	<15.10.8+ds1-2
L CVE-2021-39896	<15.10.8+ds1-2
L Missing Authentication for Critical Function	<15.10.8+ds1-2
M CVE-2021-39871	<15.10.8+ds1-2
M CVE-2021-39873	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
L Improper Input Validation	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Improper Encoding or Escaping of Output	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Allocation of Resources Without Limits or Throttling	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M CVE-2021-22234	<15.10.8+ds1-2
M Session Fixation	<15.10.8+ds1-2
H Incorrect Authorization	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
H CVE-2021-22230	<15.10.8+ds1-2
M CVE-2021-22231	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Cross-site Request Forgery (CSRF)	<15.10.8+ds1-2
M Improper Authentication	<15.10.8+ds1-2
H CVE-2021-22229	<15.10.8+ds1-2
M CVE-2021-22226	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Arbitrary Code Injection	<15.10.8+ds1-2
C Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
H Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M Insufficient Session Expiration	<15.10.8+ds1-2
M Information Exposure	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Information Exposure Through Log Files	<15.10.8+ds1-2
L Improper Certificate Validation	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
M Missing Authorization	<15.10.8+ds1-2
H Incorrect Authorization	<15.10.8+ds1-2
M Cleartext Storage of Sensitive Information	<15.10.8+ds1-2
M Allocation of Resources Without Limits or Throttling	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
C Improper Input Validation	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Directory Traversal	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Cross-site Request Forgery (CSRF)	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
C CVE-2021-22203	<15.10.8+ds1-2
M CVE-2021-22201	<15.10.8+ds1-2
H CVE-2021-22200	<15.10.8+ds1-2
M Loop with Unreachable Exit Condition ('Infinite Loop')	<15.10.8+ds1-2
M CVE-2021-22198	<15.10.8+ds1-2
M Information Exposure	<15.10.8+ds1-2
M Cleartext Storage of Sensitive Information	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
L Information Exposure	<15.10.8+ds1-2
M Server-Side Request Forgery (SSRF)	<15.10.8+ds1-2
H CVE-2021-22192	<15.10.8+ds1-2
M Resource Exhaustion	<13.2.3-2
H Improper Certificate Validation	<15.10.8+ds1-2
M CVE-2021-22188	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Cross-site Scripting (XSS)	<15.10.8+ds1-2
M Incorrect Authorization	<15.10.8+ds1-2
M Improper Authentication	<15.10.8+ds1-2
M Resource Exhaustion	<15.10.8+ds1-2
H CVE-2021-22167	<15.10.8+ds1-2
M CVE-2020-26414	<15.10.8+ds1-2
M Information Exposure	<13.4.7-1
M Information Exposure	<13.4.7-1
M Information Exposure	<13.4.7-1
M Authorization Bypass Through User-Controlled Key	<13.4.7-1
M Information Exposure	<13.4.7-1
M Cross-site Scripting (XSS)	<13.4.7-1
M Improper Resource Shutdown or Release	<13.4.7-1
M Improper Input Validation	<13.4.7-1
H Directory Traversal	<13.3.9-1
H Directory Traversal	<13.3.9-1
M Resource Exhaustion	<13.3.9-1
M Cross-site Request Forgery (CSRF)	<13.3.9-1
H Information Exposure	<13.3.9-1
M Incorrect Authorization	<13.3.9-1
H CVE-2020-13356	<13.3.9-1
M CVE-2020-13352	<13.3.9-1
M Incorrect Default Permissions	<13.3.9-1
M Incorrect Permission Assignment for Critical Resource	<13.2.10-1
M Information Exposure	<13.2.10-1
H Cross-site Scripting (XSS)	<13.3.9-1
M Cross-site Scripting (XSS)	<13.2.10-1
M Information Exposure	<13.2.10-1
H Exposure of Resource to Wrong Sphere	<13.2.10-1
L Resource Exhaustion	<13.2.10-1
M Cross-site Scripting (XSS)	<13.2.10-1
M Cross-site Scripting (XSS)	<13.2.3-2
M Cross-site Scripting (XSS)	<13.2.3-2
M CVE-2020-13326	<13.2.3-2
H CVE-2020-13325	<13.2.3-2
M Improper Authentication	<13.2.10-1
M Resource Exhaustion	<13.2.10-1
M Cross-site Scripting (XSS)	<13.2.3-2
M Cross-site Scripting (XSS)	<13.2.3-2
H Incorrect Authorization	<13.2.10-1
M Cross-site Scripting (XSS)	<13.2.3-2
M Incorrect Authorization	<13.2.3-2
H Incorrect Authorization	<13.2.3-2
M CVE-2020-13324	<13.2.3-2
H Incorrect Authorization	<13.2.3-2
M Missing Authorization	<13.2.3-2
H CVE-2020-13321	<13.2.3-2
H Missing Authorization	<13.2.6-1
C Insufficiently Protected Credentials	<13.2.8-1
M Incorrect Authorization	<13.2.8-1
M Improper Input Validation	<13.2.8-1
H Incorrect Authorization	<13.2.8-1
H CVE-2020-13315	<13.2.8-1
M Missing Authorization	<13.2.8-1
M CVE-2020-13314	<13.2.8-1
M Arbitrary Code Injection	<13.2.8-1
H Insufficient Session Expiration	<13.2.8-1
H Allocation of Resources Without Limits or Throttling	<13.2.8-1
M Cross-site Scripting (XSS)	<13.2.8-1
M Insufficient Session Expiration	<13.2.8-1
L Improper Preservation of Permissions	<13.2.8-1
M CVE-2020-13310	<13.2.8-1
H Improper Authentication	<13.2.8-1
M Insufficient Session Expiration	<13.2.8-1
H Server-Side Request Forgery (SSRF)	<13.2.8-1
M Incorrect Authorization	<13.2.8-1
C Incorrect Authorization	<13.2.8-1
M Improper Input Validation	<13.2.8-1
M Missing Authentication for Critical Function	<13.2.8-1
M Improper Authentication	<13.2.8-1
H Insufficient Session Expiration	<13.2.8-1
M Incorrect Authorization	<13.2.8-1
M CVE-2020-13287	<13.2.8-1
H Incorrect Type Conversion or Cast	<13.2.3-2
M Resource Exhaustion	<13.2.3-2
C Improper Authentication	<13.2.3-2
M Improper Input Validation	<13.2.3-2
M CVE-2020-13294	<13.2.3-2
M Cross-site Scripting (XSS)	<13.2.3-2
L Improper Preservation of Permissions	<13.2.3-2
H CVE-2020-13290	<13.2.3-2
H Resource Exhaustion	<13.2.3-2
M Information Exposure	<13.2.3-2
M Incorrect Authorization	<13.2.3-2
M Incorrect Authorization	<13.2.3-2
H Incorrect Default Permissions	<13.2.3-2
M Cross-site Scripting (XSS)	<13.2.3-2
M Incorrect Default Permissions	<13.2.3-2
M Improper Privilege Management	<13.2.3-2
M Cross-site Scripting (XSS)	<13.2.3-2
M Missing Authentication for Critical Function	<13.2.3-2
H Information Exposure	<13.2.3-2
M Directory Traversal	<13.2.3-2
M Information Exposure	<13.2.3-2
M Improper Input Validation	<13.2.3-2
M Information Exposure	<13.2.3-2
M Information Exposure	<13.2.3-2
H Information Exposure	<13.2.3-2
C Server-Side Request Forgery (SSRF)	<13.2.3-2
H Resource Exhaustion	<13.2.3-2
M Incorrect Authorization	<13.2.3-2
C Server-Side Request Forgery (SSRF)	<13.2.3-2
M Information Exposure	<13.2.3-2
M Directory Traversal	<12.6.8-3
H Information Exposure	<12.6.8-3
M Information Exposure	<12.6.8-3
M Missing Authentication for Critical Function	<12.6.8-3
H Uncontrolled Recursion	<12.6.8-3
C CVE-2020-10074	<12.6.8-3
M Cross-site Scripting (XSS)	<12.6.8-3
M Incorrect Authorization	<12.6.8-3
M Information Exposure	<12.6.8-3
C Improper Privilege Management	<12.6.8-3
M CVE-2019-15592	<12.6.8-3
H Improper Authentication	<12.6.8-3
M Cross-site Scripting (XSS)	<12.6.8-3
M Authorization Bypass Through User-Controlled Key	<12.6.8-3
M Information Exposure	<12.6.8-3
H Information Exposure	<12.6.8-3
M Information Exposure	<12.6.8-3
C Improper Authentication	<12.6.8-3
M Information Exposure	<12.6.8-3
M Information Exposure	<12.6.8-3
M Information Exposure	<12.6.8-3
M Resource Exhaustion	<12.6.8-3
M CVE-2019-20144	<12.6.8-3
M CVE-2019-20145	<12.6.8-3
M Incorrect Authorization	<12.6.8-3
H Improper Authentication	<12.6.8-3
M Resource Exhaustion	<12.6.8-3
H Improper Access Control	<12.6.8-3
H Arbitrary Command Injection	<12.6.8-3
M Information Exposure	<12.6.8-3
M Improper Access Control	<12.6.8-3
H Information Exposure	<12.6.8-3
M CVE-2019-19260	<12.6.8-3
M Information Exposure	<12.6.8-3
M Information Exposure	<12.6.8-3
M Allocation of Resources Without Limits or Throttling	<12.6.8-3
M Incorrect Permission Assignment for Critical Resource	<12.6.8-3
M Incorrect Permission Assignment for Critical Resource	<12.6.8-3
H Information Exposure	<12.6.8-3
M Improper Privilege Management	<12.6.8-3
M Incorrect Permission Assignment for Critical Resource	<12.6.8-3
M Incorrect Permission Assignment for Critical Resource	<12.6.8-3
H Improper Preservation of Permissions	<12.6.8-3
M Incorrect Permission Assignment for Critical Resource	<12.6.8-3
H Loop with Unreachable Exit Condition ('Infinite Loop')	<12.6.8-3
M Open Redirect	<12.6.8-3
M Information Exposure	<12.6.8-3
M Information Exposure	<12.6.8-3
M Incorrect Permission Assignment for Critical Resource	<12.6.8-3
M Incorrect Permission Assignment for Critical Resource	<12.6.8-3
M Incorrect Permission Assignment for Critical Resource	<12.6.8-3
M Cross-site Scripting (XSS)	<12.6.8-3
L Improper Preservation of Permissions	<12.6.8-3
H CVE-2019-16170	<12.6.8-3
H Information Exposure	<11.8.10+dfsg-1
M Information Exposure	<12.6.8-3
M Information Exposure	<12.6.8-3
H Allocation of Resources Without Limits or Throttling	<12.6.8-3
M CVE-2019-15737	<12.6.8-3
H Allocation of Resources Without Limits or Throttling	<12.6.8-3
M Information Exposure	<12.6.8-3
H Server-Side Request Forgery (SSRF)	<12.6.8-3
H Information Exposure	<12.6.8-3
M Information Exposure	<12.6.8-3
M Cross-site Scripting (XSS)	<12.6.8-3
M Information Exposure	<12.6.8-3
M Incorrect Permission Assignment for Critical Resource	<12.6.8-3
H Server-Side Request Forgery (SSRF)	<12.6.8-3
M Arbitrary Command Injection	<12.6.8-3
M Cleartext Transmission of Sensitive Information	<12.6.8-3
M Missing Authorization	<12.6.8-3
H Insufficient Session Expiration	<12.6.8-3
H Missing Authorization	<12.6.8-3
H Improper Privilege Management	<12.6.8-3
C Server-Side Request Forgery (SSRF)	<12.6.8-3
M Authorization Bypass Through User-Controlled Key	<12.6.8-3
L Improper Input Validation	<12.6.8-3
M Information Exposure	<12.6.8-3
M Authorization Bypass Through User-Controlled Key	<12.6.8-3
M Information Exposure	<12.6.8-3
M Resource Exhaustion	<12.6.8-3
H Resource Exhaustion	<12.6.8-3
H Server-Side Request Forgery (SSRF)	<12.6.8-3
M CVE-2019-13010	<12.6.8-3
M Resource Exhaustion	<12.6.8-3
M Information Exposure	<12.6.8-3
M Cross-site Scripting (XSS)	<12.6.8-3
M Improper Input Validation	<12.6.8-3
M Cross-site Scripting (XSS)	<12.6.8-3
C Server-Side Request Forgery (SSRF)	<12.6.8-3
H Information Exposure	<12.6.8-3
M CVE-2019-12431	<12.6.8-3
C CVE-2019-12428	<12.6.8-3
M Use of Insufficiently Random Values	<12.6.8-3
M Cross-site Scripting (XSS)	<12.6.8-3
H Incorrect Permission Assignment for Critical Resource	<12.6.8-3
C CVE-2019-9732	<11.8.2-2
M CVE-2019-7549	<11.5.10+dfsg-1
C CVE-2019-9218	<11.8.2-2
C CVE-2019-5883	<11.3.11+dfsg-1
M Cross-site Scripting (XSS)	<11.8.9+dfsg-1
M Information Exposure Through Log Files	<11.8.9+dfsg-1
M CVE-2019-11544	<11.8.9+dfsg-1
M Cross-site Scripting (XSS)	<11.8.9+dfsg-1
M Race Condition	<11.8.9+dfsg-1
C CVE-2019-9890	<11.8.2-2
C Authorization Bypass Through User-Controlled Key	<11.8.2-2
M Incorrect Permission Assignment for Critical Resource	<11.8.6+dfsg-1
H Resource Exhaustion	<11.8.6+dfsg-1
M Cross-site Scripting (XSS)	<11.8.6+dfsg-1
M Information Exposure	<11.8.6+dfsg-1
M Incorrect Permission Assignment for Critical Resource	<11.8.6+dfsg-1
H Arbitrary Command Injection	<11.8.6+dfsg-1
M Incorrect Permission Assignment for Critical Resource	<11.8.6+dfsg-1
H Directory Traversal	<11.5.4+dfsg-1
M Information Exposure	<11.8.3-1
C CVE-2019-9217	<11.8.2-2
L Information Exposure	<11.8.2-2
M Information Exposure	<11.8.2-2
L Authorization Bypass Through User-Controlled Key	<11.8.2-2
M Authorization Bypass Through User-Controlled Key	<11.8.2-2
C Server-Side Request Forgery (SSRF)	<11.8.2-2
H Resource Exhaustion	<11.8.2-2
M Improper Input Validation	<11.8.2-2
M Information Exposure	<11.8.2-2
H Directory Traversal	<11.8.2-2
H Information Exposure	<11.8.2-2
M Cross-site Request Forgery (CSRF)	<11.8.2-2
L Information Exposure	<11.8.2-2
C CVE-2019-9485	<11.8.2-2
M Information Exposure	<11.8.2-2
M Information Exposure	<11.8.2-2
M Missing Authorization	<11.8.2-2
H CVE-2019-6788	<11.5.10+dfsg-1
M Improper Privilege Management	<11.5.10+dfsg-1
M Improper Privilege Management	<11.5.10+dfsg-1
M Cross-site Scripting (XSS)	<11.5.10+dfsg-1
M Improper Preservation of Permissions	<11.5.10+dfsg-1
M Missing Authorization	<11.5.10+dfsg-1
M Cross-site Scripting (XSS)	<11.5.10+dfsg-1
M Improper Privilege Management	<11.5.10+dfsg-1
M CVE-2019-6786	<11.5.10+dfsg-1
M Information Exposure	<11.5.10+dfsg-1
H Open Redirect	<11.5.10+dfsg-1
H CVE-2019-6782	<11.5.10+dfsg-1
M Improper Preservation of Permissions	<11.5.10+dfsg-1
C CVE-2019-6960	<11.5.10+dfsg-1
M CVE-2019-6787	<11.5.10+dfsg-1
H Directory Traversal	<11.5.10+dfsg-1
M CVE-2019-6785	<11.5.10+dfsg-1
M Improper Privilege Management	<11.5.10+dfsg-1
L CVE-2019-7176	<11.5.10+dfsg-1
M CVE-2019-6795	<11.5.10+dfsg-1
H Directory Traversal	<11.5.7+dfsg-1
M Cross-site Scripting (XSS)	<11.5.6+dfsg-1
H Incorrect Permission Assignment for Critical Resource	<11.5.6+dfsg-1
H Incorrect Authorization	<11.5.6+dfsg-1
M Incorrect Authorization	<11.5.6+dfsg-1
M Incorrect Authorization	<11.5.6+dfsg-1
M Incorrect Authorization	<11.5.6+dfsg-1
M Missing Authentication for Critical Function	<11.5.6+dfsg-1
M Cross-site Scripting (XSS)	<11.5.6+dfsg-1
M Information Exposure	<11.5.6+dfsg-1
M Improper Authentication	<11.5.6+dfsg-1
M Server-Side Request Forgery (SSRF)	<11.5.6+dfsg-1
M Missing Authorization	<11.5.6+dfsg-1
M Cross-site Scripting (XSS)	<11.5.6+dfsg-1
M Information Exposure	<11.5.6+dfsg-1
H Server-Side Request Forgery (SSRF)	<11.5.6+dfsg-1
H Directory Traversal	<11.5.5+dfsg-1
H Directory Traversal	<11.5.4+dfsg-1
M Information Exposure	<11.1.8+dfsg-2
M Information Exposure	<11.1.8+dfsg-2
H Information Exposure	<11.1.8+dfsg-2
M Race Condition	<11.3.11+dfsg-1
H CRLF Injection	<11.3.11+dfsg-1
M Cross-site Scripting (XSS)	<11.3.11+dfsg-1
M Cross-site Scripting (XSS)	<11.3.11+dfsg-1
M Improper Access Control	<11.3.11+dfsg-1
M Improper Input Validation	<11.3.11+dfsg-1
M Improper Access Control	<11.3.11+dfsg-1
M Cross-site Scripting (XSS)	<11.3.11+dfsg-1
H Improper Access Control	<11.3.11+dfsg-1
M Authorization Bypass Through User-Controlled Key	<11.3.11+dfsg-1
M Cross-site Scripting (XSS)	<11.3.11+dfsg-1
M Server-Side Request Forgery (SSRF)	<11.3.11+dfsg-1
H Improper Authorization	<11.3.11+dfsg-1
H Server-Side Request Forgery (SSRF)	<11.3.11+dfsg-1
M Improper Access Control	<11.3.11+dfsg-1
M Information Exposure Through Log Files	<11.3.11+dfsg-1
H CVE-2018-19359	<11.3.10+dfsg-2
C Cleartext Storage of Sensitive Information	<11.2.8+dfsg-2
H Server-Side Request Forgery (SSRF)	<11.2.8+dfsg-2
M Information Exposure	<11.2.8+dfsg-2
M Information Exposure	<11.2.8+dfsg-2
M Cross-site Scripting (XSS)	<11.1.8+dfsg-2
H Cross-site Request Forgery (CSRF)	<11.1.8+dfsg-2
M CVE-2018-17453	<11.1.8+dfsg-2
M Cross-site Scripting (XSS)	<11.1.8+dfsg-2
M Cross-site Scripting (XSS)	<11.1.8+dfsg-2
H Authorization Bypass Through User-Controlled Key	<11.1.8+dfsg-2
C Server-Side Request Forgery (SSRF)	<11.1.8+dfsg-2
M Server-Side Request Forgery (SSRF)	<11.1.8+dfsg-2
H Authorization Bypass Through User-Controlled Key	<11.1.8+dfsg-2
H CVE-2018-15472	<11.1.8+dfsg-2
M Information Exposure	<11.1.8+dfsg-2
M Cross-site Scripting (XSS)	<11.1.8+dfsg-2
C Information Exposure Through Log Files	<11.1.8+dfsg-2
H Cross-site Request Forgery (CSRF)	<10.8.7+dfsg-1
M Cross-site Scripting (XSS)	<10.8.7+dfsg-1
H Information Exposure	<10.8.7+dfsg-1
M Cross-site Scripting (XSS)	<10.8.7+dfsg-1
M Cross-site Scripting (XSS)	<10.8.7+dfsg-1
C Directory Traversal	<10.7.7+dfsg-2
M Cross-site Scripting (XSS)	<10.7.7+dfsg-2
M Cross-site Scripting (XSS)	<10.7.7+dfsg-2
H Missing Authentication for Critical Function	<10.5.5+dfsg-1
H Weak Password Recovery Mechanism for Forgotten Password	<10.7.7+dfsg-2
M Cross-site Scripting (XSS)	<10.7.7+dfsg-2
H Arbitrary Code Injection	<11.8.6+dfsg-1
M Cross-site Scripting (XSS)	<10.6.5+dfsg-1
M Server-Side Request Forgery (SSRF)	<10.5.6+dfsg-1
M Cross-site Scripting (XSS)	<10.6.3+dfsg-1
M Cross-site Scripting (XSS)	<10.6.3+dfsg-1
C Improper Input Validation	<10.5.6+dfsg-1
M Incorrect Authorization	<10.5.5+dfsg-1
M Cross-site Scripting (XSS)	<10.5.5+dfsg-1
H Incorrect Authorization	<10.5.5+dfsg-1
M Cross-site Scripting (XSS)	<10.5.5+dfsg-1
C Improper Input Validation	<10.5.5+dfsg-1
H Incorrect Authorization	<10.5.5+dfsg-1
M Cross-site Scripting (XSS)	<10.5.5+dfsg-1
H Directory Traversal	<10.5.5+dfsg-1
C Improper Input Validation	<10.5.5+dfsg-1
H Directory Traversal	<10.5.5+dfsg-1
H SQL Injection	<10.5.5+dfsg-1
H Cleartext Transmission of Sensitive Information	<10.5.5+dfsg-1
M Incorrect Authorization	<10.5.5+dfsg-1
L Improper Input Validation	<9.5.4+dfsg-7
H Access Restriction Bypass	<8.13.6+dfsg2-2
M Information Exposure	<8.13.11+dfsg-7
H Access Restriction Bypass	<8.8.2+dfsg-1
M Information Exposure	<8.13.3+dfsg1-2