- Explore the database
- Open Source Edition
- Contributing to the vulnerability database
The GitLab Advisory Database serves as a repository for security advisories related to software dependencies.
A free and open-source version of the GitLab Advisory Database is also available as GitLab Advisory Database (Open Source Edition). However, there is a 30-day delay in updates.
In our advisories, we adopt standardized practices to effectively communicate vulnerabilities and their impact.
To view the database content, go to the GitLab Advisory Database home page. On the home page you can:
- Search the database, by identifier, package name, and description.
- View advisories that were added recently.
- View statistical information, including coverage and update frequency.
Each advisory has a page with the following details:
Identifiers: Public identifiers. For example, CVE ID, GHSA ID, or the GitLab internal ID (
- Package Slug: Package type and package name separated by a slash.
- Vulnerability: A short description of the security flaw.
- Description: A detailed description of the security flaw and potential risks.
- Affected Versions: The affected versions.
- Solution: How to remediate the vulnerability.
- Last Modified: The date when the advisory was last modified.
The home page also offers a statistic section that provides valuable insights into advisory distribution, the origins of vulnerabilities, dependency scanning coverage, and timelines for vulnerability resolution.
GitLab provides a free and open-source version of the database, the GitLab Advisory Database (Open Source Edition).
The open-source version is a time-delayed clone of the GitLab Advisory Database, MIT-licensed and contains all advisories from the GitLab Advisory Database that are older than 30 days or with the
As an example, we highlight the use of the database as a source for an Advisory Ingestion process as part of Continuous Vulnerability Scans.
The Vulnerability Research team is responsible for the maintenance and regular updates of the GitLab Advisory Database and the GitLab Advisory Database (Open Source Edition).
Community contributions are accessible in advisories-community via the
If you know about a vulnerability that is not listed, you can contribute to the GitLab Advisory Database by either opening an issue or submit the vulnerability.
For more information, see Contribution Guidelines.
The GitLab Advisory Database is freely accessible in accordance with the GitLab Advisory Database Terms.