CVE Daily
← All tags

Tag: GitLab

All CVEs associated with "GitLab". Page 2/13 • 1444 CVEs.

Subscribe CVEs: RSS for “GitLab”  ·  RSS (High+Critical only)

About “GitLab”

A curated feed of “GitLab”-related CVEs appears below. We currently track 1444 CVEs for this tag (all time). In the last 365 days, 232 were published. Average CVSS is 5.8 (all time; 5.9 over 365d), and 25% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-770 - Allocation of Resources Without Limits or Throttling, CWE-862 - Missing Authorization, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a MODERATE impact class. Developer and CI or CD tooling touches supply chains and secrets. Patch controllers and agents, enforce SSO or MFA, rotate tokens, isolate runners, and audit plugins. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-01-09
High

CVE-2025-9222

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve st…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2025-3950

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by…

CVSS: 3.5 CWE: CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-13781

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance…

CVSS: 6.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-13772

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and util…

CVSS: 7.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-13761

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the…

CVSS: 8.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-11246

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific p…

CVSS: 5.4 CWE: CWE-1220 - Insufficient Granularity of Access Control View on NVD
Medium

CVE-2025-10569

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a deni…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2026-01-05
High

CVE-2025-61916

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing…

CVSS: 7.9 CWE: CWE-20 - Improper Input Validation View on NVD
2025-12-11
Low

CVE-2025-12734

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certa…

CVSS: 3.5 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
High

CVE-2025-12029

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an una…

CVSS: 8.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-8405

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perf…

CVSS: 7.7 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
Medium

CVE-2025-4097

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a den…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-11984

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAu…

CVSS: 6.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
Medium

CVE-2025-11247

GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensit…

CVSS: 4.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
Medium

CVE-2025-14157

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denia…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-13978

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover the…

CVSS: 4.3 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
High

CVE-2025-12716

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an authenti…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-12562

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-12-05
Low

CVE-2025-66629

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Faceb…

CVSS: 3.7 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-9183

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain…

CVSS: 7.7 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
2025-11-26
Medium

CVE-2025-7449

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific pe…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-6195

GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view informatio…

CVSS: 4.3 CWE: CWE-425 - Direct Request ('Forced Browsing') View on NVD
Low

CVE-2025-13611

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtai…

CVSS: 2.0 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2025-12653

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthen…

CVSS: 6.5 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
High

CVE-2025-12571

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a D…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-11-21
Medium

CVE-2025-9825

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membe…

CVSS: 5.0 CWE: CWE-862 - Missing Authorization View on NVD
2025-11-15
Low

CVE-2025-12983

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a…

CVSS: 3.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
Low

CVE-2025-7736

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass a…

CVSS: 3.1 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2025-7000

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthor…

CVSS: 4.3 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
Low

CVE-2025-6945

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensit…

CVSS: 3.5 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2025-6171

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with report…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-2615

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive…

CVSS: 4.3 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
Low

CVE-2025-11990

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting impr…

CVSS: 3.1 CWE: CWE-177 - Improper Handling of URL Encoding (Hex Encoding) View on NVD
Medium

CVE-2025-11865

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker…

CVSS: 4.3 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-10-29
High

CVE-2025-11702

GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permiss…

CVSS: 8.5 CWE: CWE-862 - Missing Authorization View on NVD
2025-10-27
Low

CVE-2025-6601

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unautho…

CVSS: 2.7 CWE: CWE-840 View on NVD
Low

CVE-2025-11989

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute u…

CVSS: 3.7 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-11974

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-11971

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger una…

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2025-11447

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-10497

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-10-09
Medium

CVE-2025-10282

BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL.

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-2934

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to cre…

CVSS: 4.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-11340

GitLab has remediated an issue in GitLab EE affecting all versions from 18.3 to 18.3.4, 18.4 to 18.4.2 that, under certain conditions, could have allowed authenticated users with read-only API tokens…

CVSS: 7.7 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2025-10004

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-10-07
Medium

CVE-2023-53678

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix system suspend without fbdev being initialized If fbdev is not initialized for some reason - in practice on platfor…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-10-01
High

CVE-2021-4460

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning If get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, we end up doing a shif…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2025-09-27
High

CVE-2025-8014

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentia…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-09-26
Low

CVE-2025-5069

An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthor…

CVSS: 3.5 CWE: CWE-708 - Incorrect Ownership Assignment View on NVD
Medium

CVE-2025-11042

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumpt…

CVSS: 4.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Low

CVE-2025-10868

An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance deg…

CVSS: 3.5 CWE: CWE-840 View on NVD
High

CVE-2025-9958

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive infor…

CVSS: 7.7 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
High

CVE-2025-9642

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-7691

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with…

CVSS: 6.5 CWE: CWE-267 - Privilege Defined With Unsafe Actions View on NVD
Low

CVE-2025-10871

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can as…

CVSS: 3.8 CWE: CWE-862 - Missing Authorization View on NVD
Low

CVE-2025-10867

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denia…

CVSS: 3.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-10858

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-09-15
Medium

CVE-2023-53228

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in amd…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-09-12
Medium

CVE-2025-7337

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-lev…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-6769

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrat…

CVSS: 4.3 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD
High

CVE-2025-6454

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended…

CVSS: 8.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2025-2256

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab…

CVSS: 7.5 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
Medium

CVE-2025-1250

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall backgrou…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-10094

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access t…

CVSS: 6.5 CWE: CWE-1284 - Improper Validation of Specified Quantity in Input View on NVD
2025-08-29
Medium

CVE-2025-55750

Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain…

CVSS: 6.5 CWE: CWE-201 - Insertion of Sensitive Information Into Sent Data View on NVD
2025-08-27
Medium

CVE-2025-5101

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacke…

CVSS: 5.0 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2025-4225

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauth…

CVSS: 5.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-3601

An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to cau…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-2246

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual…

CVSS: 5.8 CWE: CWE-862 - Missing Authorization View on NVD
2025-08-13
Medium

CVE-2025-8770

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific ac…

CVSS: 6.5 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2025-7739

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripti…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-7734

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-6186

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injectin…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-5819

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer acce…

CVSS: 5.0 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2025-2937

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial…

CVSS: 6.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
Medium

CVE-2025-2614

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Low

CVE-2025-2498

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view…

CVSS: 3.1 CWE: CWE-1220 - Insufficient Granularity of Access Control View on NVD
Medium

CVE-2025-1477

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a den…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-12303

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated…

CVSS: 6.7 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Medium

CVE-2024-10219

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated…

CVSS: 6.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-07-28
High

CVE-2025-8279

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution

CVSS: 8.7 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2025-07-24
Medium

CVE-2025-7001

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain res…

CVSS: 4.3 CWE: CWE-1220 - Insufficient Granularity of Access Control View on NVD
Medium

CVE-2025-4976

An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker…

CVSS: 4.3 CWE: CWE-213 - Exposure of Sensitive Information Due to Incompatible Policies View on NVD
Medium

CVE-2025-1299

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-0765

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom s…

CVSS: 4.3 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-07-23
High

CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially all…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-4439

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross…

CVSS: 7.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-07-10
High

CVE-2025-6948

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successf…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2025-6168

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation…

CVSS: 2.7 CWE: CWE-863 - Incorrect Authorization View on NVD
Low

CVE-2025-4972

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-…

CVSS: 2.7 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2025-3396

An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass gr…

CVSS: 4.3 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-06-26
Low

CVE-2025-5846

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated…

CVSS: 2.7 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-5315

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role pe…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2025-3279

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a Do…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Low

CVE-2025-2938

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated p…

CVSS: 3.1 CWE: CWE-840 View on NVD
Medium

CVE-2025-1754

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload ar…

CVSS: 5.3 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2025-06-20
Low

CVE-2023-5600

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitr…

CVSS: 3.1 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-4994

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which al…

CVSS: 8.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Medium

CVE-2024-4025

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for a…

CVSS: 6.5 CWE: CWE-1333 - Inefficient Regular Expression Complexity View on NVD
High

CVE-2025-5121

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applie…

CVSS: 8.5 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-2443

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-7586

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audi…

CVSS: 4.1 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
2025-06-18
High

CVE-2022-50084

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and ru…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
2025-06-12
Low

CVE-2025-5982

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrict…

CVSS: 3.7 CWE: CWE-1220 - Insufficient Granularity of Access Control View on NVD
Medium

CVE-2024-9512

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in c…

CVSS: 5.3 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2025-5195

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary…

CVSS: 4.3 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
High

CVE-2025-0673

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, pot…

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
Medium

CVE-2025-5996

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow a…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2025-4278

An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.

CVSS: 8.7 CWE: CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) View on NVD
High

CVE-2025-2254

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionalit…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2025-1516

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to t…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-1478

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to…

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-05-30
High

CVE-2025-1763

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-05-23
Low

CVE-2024-9163

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion…

CVSS: 3.5 CWE: CWE-451 - User Interface (UI) Misrepresentation of Critical Information View on NVD
Medium

CVE-2024-7803

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.

CVSS: 6.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2025-05-22
High

CVE-2025-0993

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of servi…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2025-0679

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full…

CVSS: 4.3 CWE: CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-0605

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass t…

CVSS: 4.6 CWE: CWE-1390 - Weak Authentication View on NVD
Medium

CVE-2024-12093

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to…

CVSS: 6.8 CWE: CWE-1288 - Improper Validation of Consistency within Input View on NVD
Medium

CVE-2025-4979

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that…

CVSS: 4.9 CWE: CWE-1220 - Insufficient Granularity of Access Control View on NVD