VulnerableCode Package Details - pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2m26-5f7y-s3fe	An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.	CVE-2019-10115
VCID-4v6j-cn1c-s7dd	An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).	CVE-2019-10109
VCID-53ve-2zag-8yhr	An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption.	CVE-2019-10113
VCID-6ar9-uaqa-xyfq	An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.	CVE-2019-10116
VCID-6tvy-72tc-jbdr	An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.	CVE-2019-10110
VCID-c5wm-ghe3-aqab	An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.	CVE-2019-10111
VCID-gsxs-21aw-cygp	An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.	CVE-2019-10640
VCID-mfwc-dm4n-vbey	Code injection The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.	CVE-2018-5158 GHSA-7jg2-jgv3-fmr4

Vulnerability

Summary

Aliases

VCID-2m26-5f7y-s3fe

An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.

CVE-2019-10115

VCID-4v6j-cn1c-s7dd

An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).

CVE-2019-10109

VCID-53ve-2zag-8yhr

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption.

CVE-2019-10113

VCID-6ar9-uaqa-xyfq

An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.

CVE-2019-10116

VCID-6tvy-72tc-jbdr

An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The "move issue" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.

CVE-2019-10110

VCID-c5wm-ghe3-aqab

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.

CVE-2019-10111

VCID-gsxs-21aw-cygp

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.

CVE-2019-10640

VCID-mfwc-dm4n-vbey

Code injection The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

CVE-2018-5158
GHSA-7jg2-jgv3-fmr4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:14:33.073955+00:00	Debian Importer	Fixing	VCID-c5wm-ghe3-aqab	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:03:24.708196+00:00	Debian Importer	Fixing	VCID-4v6j-cn1c-s7dd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:34:13.805220+00:00	Debian Importer	Fixing	VCID-mfwc-dm4n-vbey	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:17:51.862739+00:00	Debian Importer	Fixing	VCID-6ar9-uaqa-xyfq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:03:15.367892+00:00	Debian Importer	Fixing	VCID-2m26-5f7y-s3fe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:09:08.733551+00:00	Debian Importer	Fixing	VCID-gsxs-21aw-cygp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:48:24.912163+00:00	Debian Importer	Fixing	VCID-53ve-2zag-8yhr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:27:16.731758+00:00	Debian Importer	Fixing	VCID-6tvy-72tc-jbdr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:07:05.422741+00:00	Debian Importer	Fixing	VCID-c5wm-ghe3-aqab	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:58:34.697572+00:00	Debian Importer	Fixing	VCID-4v6j-cn1c-s7dd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:36:33.324130+00:00	Debian Importer	Fixing	VCID-mfwc-dm4n-vbey	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:24:37.862252+00:00	Debian Importer	Fixing	VCID-6ar9-uaqa-xyfq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:14:09.464248+00:00	Debian Importer	Fixing	VCID-2m26-5f7y-s3fe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:34:40.037064+00:00	Debian Importer	Fixing	VCID-gsxs-21aw-cygp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:18:50.358744+00:00	Debian Importer	Fixing	VCID-53ve-2zag-8yhr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:18:26.303945+00:00	Debian Importer	Fixing	VCID-6tvy-72tc-jbdr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:24:49.473250+00:00	Debian Importer	Fixing	VCID-gsxs-21aw-cygp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:24:49.428349+00:00	Debian Importer	Fixing	VCID-6ar9-uaqa-xyfq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:24:49.404539+00:00	Debian Importer	Fixing	VCID-2m26-5f7y-s3fe	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:24:49.360352+00:00	Debian Importer	Fixing	VCID-53ve-2zag-8yhr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:24:49.316709+00:00	Debian Importer	Fixing	VCID-c5wm-ghe3-aqab	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:24:49.293159+00:00	Debian Importer	Fixing	VCID-6tvy-72tc-jbdr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:24:49.269767+00:00	Debian Importer	Fixing	VCID-4v6j-cn1c-s7dd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:24:49.123991+00:00	Debian Importer	Fixing	VCID-mfwc-dm4n-vbey	https://security-tracker.debian.org/tracker/data/json	38.1.0