GitLab Gitaly
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in GitLab Gitaly.
By the Year
In 2026 there have been 1 vulnerability in GitLab Gitaly with an average score of 4.6 out of ten. Gitaly did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 4.60 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 3.20 |
It may take a day or so for new Gitaly vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GitLab Gitaly Security Vulnerabilities
GitLab CE/EE <18.8.4: Authenticated Devs Hide File Changes via WebUI
CVE-2026-1094
4.6 - Medium
- February 11, 2026
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.
Improper Validation of Unsafe Equivalence in Input
When importing repos
CVE-2020-13353
3.2 - Low
- November 17, 2020
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.
Insufficient Session Expiration
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for GitLab Gitaly or by GitLab? Click the Watch button to subscribe.
