Gitlab runner
This hub aggregates every CVE we track for Gitlab runner, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
1
Critical
0
High
0
In CISA KEV
Severity distribution
MEDIUM5CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Gitlab runner.
- CVE-2022-2251Improper sanitization of branch names in GitLab Runner affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user who creates a branch with a specially cra...4.8
- CVE-2021-39947In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of...5.3
- CVE-2021-39939An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting fro...6.5
- CVE-2020-13327An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13...6.0
- CVE-2020-13347A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows...9.1
- CVE-2020-13295For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd with a malicious server, the Shared Runner is susceptible to SSRF.5.4
Product normalization is registry-driven with AI assist and human review. How it works