Skip to main content

Gitlab

1245 CVEs vendor

Monthly

CVE-2025-12571 HIGH This Week

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-9825 MEDIUM POC This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-12983 LOW Monitor

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-7736 LOW Monitor

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-7000 MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-6945 LOW Monitor

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Gitlab
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-6171 MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-2615 MEDIUM Monitor

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-11990 LOW Monitor

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Gitlab CSRF
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-11865 MEDIUM Monitor

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%

Rejected reason: This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. No vendor patch available.

Information Disclosure Gitlab
NVD
CVE-2021-4460 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning If get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, we end up doing a shift operation where the number of bits shifted equals number of bits in the operand. This behaviour is undefined. Set num_sdma_queues or num_xgmi_sdma_queues to ULLONG_MAX, if the count is >= number of bits in the operand. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1472

Linux Gitlab Information Disclosure Buffer Overflow Ubuntu +4
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-8014 HIGH This Month

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-5069 LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-11042 MEDIUM Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-10868 LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-9958 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-9642 HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-7691 MEDIUM This Month

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-10871 LOW Monitor

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-10867 LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-10858 HIGH This Month

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-53228 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Amd Linux Denial Of Service Gitlab Null Pointer Dereference +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-7337 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-6769 MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-6454 HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab SSRF
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-2256 HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-1250 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-10094 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55750 MEDIUM This Month

Gitpod is a developer platform for cloud development environments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-5101 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated. Rated medium severity (CVSS 5.0). No vendor patch available.

RCE Gitlab Code Injection
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-4225 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-3601 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2246 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-8770 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7739 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-7734 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-6186 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-5819 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2025-2937 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2614 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2498 LOW Monitor

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-1477 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-12303 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-10219 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-7370 HIGH PATCH This Week

Rejected reason: Upon investigtion upstream maintainers discovered this was not a real issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Ubuntu Suse
NVD
CVSS 3.1
7.5
EPSS
6.0%
CVE-2025-6948 HIGH PATCH This Week

CVE-2025-6948 is a Stored Cross-Site Scripting (XSS) vulnerability in GitLab CE/EE that allows authenticated attackers to execute actions on behalf of other users through malicious content injection. Affected versions include 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2. An attacker with valid credentials can manipulate the UI context (via user interaction) to perform unauthorized actions with high confidentiality and integrity impact across the GitLab instance.

Gitlab Code Injection
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-6168 LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.

Gitlab Authentication Bypass Debian
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-4972 LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.

Gitlab Authentication Bypass Debian
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-3396 MEDIUM PATCH This Month

An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests.

Gitlab Authentication Bypass Debian
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-5846 LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.

Gitlab Authentication Bypass Ubuntu Debian
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-5315 MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

Gitlab Authentication Bypass Ubuntu Debian
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-3279 MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests.

Gitlab Denial Of Service Ubuntu Debian
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-2938 LOW PATCH Monitor

A privilege escalation vulnerability in GitLab CE/EE affecting all (CVSS 3.1). Remediation should follow standard vulnerability management procedures.

Gitlab Information Disclosure Ubuntu Debian
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-1754 MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.

Gitlab Authentication Bypass Ubuntu Debian
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-5600 LOW POC PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.

Gitlab Authentication Bypass Debian
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2024-4994 HIGH POC PATCH This Week

CVE-2024-4994 is a Cross-Site Request Forgery (CSRF) vulnerability in GitLab's GraphQL API that allows unauthenticated attackers to execute arbitrary GraphQL mutations through a malicious website visited by authenticated GitLab users. This affects GitLab CE/EE versions 16.1.0-16.11.4, 17.0.0-17.0.2, and 17.1.0, with a CVSS score of 8.1 indicating high severity. The vulnerability requires user interaction (clicking a malicious link) but can result in unauthorized data manipulation or system compromise depending on the mutations executed.

CSRF Gitlab RCE
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-4025 MEDIUM PATCH This Month

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page.

Gitlab Denial Of Service Ubuntu Debian
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-5121 HIGH PATCH CERT-EU This Week

GitLab CE/EE contains a missing authorization check (CWE-862) in its compliance frameworks feature that allows authenticated users with limited privileges to apply compliance frameworks to projects outside the intended scope of the framework's group, potentially affecting confidentiality, integrity, and availability. This vulnerability affects GitLab versions 17.11 before 17.11.4 and 18.0 before 18.0.2. The CVSS 8.5 score reflects high severity due to the scope change and multiple impact categories, though exploitation requires low-level user authentication and higher-than-typical attack complexity.

Gitlab Privilege Escalation
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-2443 HIGH PATCH This Week

A security vulnerability in all (CVSS 8.7) that allows for cross-site-scripting attack and content security policy bypass. High severity vulnerability requiring prompt remediation.

Gitlab Authentication Bypass
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2024-7586 MEDIUM PATCH This Month

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

Gitlab Information Disclosure Ubuntu Debian
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-5982 LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

Gitlab Information Disclosure Debian
NVD
CVSS 3.1
3.7
EPSS
0.0%
CVE-2024-9512 MEDIUM PATCH This Month

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

Gitlab Information Disclosure Debian
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-5195 MEDIUM POC PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.

Gitlab Authentication Bypass Ubuntu Debian
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-0673 HIGH POC PATCH CERT-EU This Week

A denial of service vulnerability in GitLab CE/EE affecting all (CVSS 7.5) that allows an attacker. Risk factors: public PoC available.

Gitlab Denial Of Service Open Redirect
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-5996 MEDIUM POC PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.

Gitlab Denial Of Service Ubuntu Debian
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-4278 HIGH PATCH CERT-EU This Week

CVE-2025-4278 is an HTML injection vulnerability in GitLab CE/EE versions 18.0.0 through 18.0.1 that allows authenticated attackers to inject malicious HTML through the new search page. Under specific conditions, this vulnerability can escalate to account takeover by leveraging user interaction (UI requirement), with a CVSS score of 8.7 indicating high severity. The vulnerability requires low attack complexity and network accessibility, making it a significant risk for organizations running affected GitLab versions.

Gitlab Code Injection
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-2254 HIGH PATCH CERT-EU This Week

Cross-Site Scripting (XSS) vulnerability in GitLab's snippet viewer functionality caused by improper output encoding, affecting versions 17.9-17.10.7, 17.11-17.11.3, and 18.0-18.0.1. An authenticated attacker with UI interaction from a victim can execute arbitrary JavaScript in the context of the victim's browser session, potentially stealing session tokens, performing unauthorized actions, or stealing sensitive data. The CVSS score of 8.7 (High) reflects network accessibility and significant impact on confidentiality and integrity, though exploitation requires user interaction and authenticated access.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-1516 MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.

Gitlab Denial Of Service Ubuntu Debian
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1478 MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.

Gitlab Denial Of Service Ubuntu Debian
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-1763 HIGH POC This Week

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-9163 LOW Monitor

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-7803 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-0993 HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-0679 MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0605 MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2024-12093 MEDIUM POC This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-4979 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-3111 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Kubernetes Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-2853 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-1110 LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-1278 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-0549 MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-8973 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-1908 HIGH POC This Week

An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-0639 MEDIUM This Month

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-12244 MEDIUM POC This Month

An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-22090 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() If track_pfn_copy() fails, we already added the dst VMA to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Gitlab Linux Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-0362 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2025-2469 LOW POC Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
3.7
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 3.5
LOW Monitor

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 3.1
LOW Monitor

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
EPSS 0% CVSS 3.5
LOW Monitor

GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Gitlab
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 3.1
LOW Monitor

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Gitlab CSRF
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

An issue has been discovered in GitLab EE affecting all versions from 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that, under certain circumstances, could have allowed an attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD

Rejected reason: This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. No vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning If get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, we end up doing a shift operation where the number of bits shifted equals number of bits in the operand. This behaviour is undefined. Set num_sdma_queues or num_xgmi_sdma_queues to ULLONG_MAX, if the count is >= number of bits in the operand. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1472

Linux Gitlab Information Disclosure +6
NVD
EPSS 0% CVSS 7.5
HIGH This Month

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 3.5
LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 3.5
LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 0% CVSS 7.7
HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 0% CVSS 8.7
HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Privilege Escalation
NVD
EPSS 0% CVSS 3.8
LOW Monitor

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
EPSS 0% CVSS 3.5
LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop redundant sched job cleanup when cs is aborted Once command submission failed due to userptr invalidation in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Amd Linux Denial Of Service +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 0% CVSS 8.5
HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab SSRF
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Gitpod is a developer platform for cloud development environments. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated. Rated medium severity (CVSS 5.0). No vendor patch available.

RCE Gitlab Code Injection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 3.1
LOW Monitor

An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Gitlab
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Rejected reason: Upon investigtion upstream maintainers discovered this was not a real issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Ubuntu +1
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

CVE-2025-6948 is a Stored Cross-Site Scripting (XSS) vulnerability in GitLab CE/EE that allows authenticated attackers to execute actions on behalf of other users through malicious content injection. Affected versions include 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2. An attacker with valid credentials can manipulate the UI context (via user interaction) to perform unauthorized actions with high confidentiality and integrity impact across the GitLab instance.

Gitlab Code Injection
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests.

Gitlab Authentication Bypass Debian
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges to bypass group-level user invitation restrictions by manipulating group invitation functionality.

Gitlab Authentication Bypass Debian
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests.

Gitlab Authentication Bypass Debian
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.

Gitlab Authentication Bypass Ubuntu +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

Gitlab Authentication Bypass Ubuntu +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests.

Gitlab Denial Of Service Ubuntu +1
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

A privilege escalation vulnerability in GitLab CE/EE affecting all (CVSS 3.1). Remediation should follow standard vulnerability management procedures.

Gitlab Information Disclosure Ubuntu +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.

Gitlab Authentication Bypass Ubuntu +1
NVD
EPSS 0% CVSS 3.1
LOW POC PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.

Gitlab Authentication Bypass Debian
NVD
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

CVE-2024-4994 is a Cross-Site Request Forgery (CSRF) vulnerability in GitLab's GraphQL API that allows unauthenticated attackers to execute arbitrary GraphQL mutations through a malicious website visited by authenticated GitLab users. This affects GitLab CE/EE versions 16.1.0-16.11.4, 17.0.0-17.0.2, and 17.1.0, with a CVSS score of 8.1 indicating high severity. The vulnerability requires user interaction (clicking a malicious link) but can result in unauthorized data manipulation or system compromise depending on the mutations executed.

CSRF Gitlab RCE
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page.

Gitlab Denial Of Service Ubuntu +1
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

GitLab CE/EE contains a missing authorization check (CWE-862) in its compliance frameworks feature that allows authenticated users with limited privileges to apply compliance frameworks to projects outside the intended scope of the framework's group, potentially affecting confidentiality, integrity, and availability. This vulnerability affects GitLab versions 17.11 before 17.11.4 and 18.0 before 18.0.2. The CVSS 8.5 score reflects high severity due to the scope change and multiple impact categories, though exploitation requires low-level user authentication and higher-than-typical attack complexity.

Gitlab Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

A security vulnerability in all (CVSS 8.7) that allows for cross-site-scripting attack and content security policy bypass. High severity vulnerability requiring prompt remediation.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials.

Gitlab Information Disclosure Ubuntu +1
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.

Gitlab Information Disclosure Debian
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync.

Gitlab Information Disclosure Debian
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.

Gitlab Authentication Bypass Ubuntu +1
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A denial of service vulnerability in GitLab CE/EE affecting all (CVSS 7.5) that allows an attacker. Risk factors: public PoC available.

Gitlab Denial Of Service Open Redirect
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.

Gitlab Denial Of Service Ubuntu +1
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

CVE-2025-4278 is an HTML injection vulnerability in GitLab CE/EE versions 18.0.0 through 18.0.1 that allows authenticated attackers to inject malicious HTML through the new search page. Under specific conditions, this vulnerability can escalate to account takeover by leveraging user interaction (UI requirement), with a CVSS score of 8.7 indicating high severity. The vulnerability requires low attack complexity and network accessibility, making it a significant risk for organizations running affected GitLab versions.

Gitlab Code Injection
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Cross-Site Scripting (XSS) vulnerability in GitLab's snippet viewer functionality caused by improper output encoding, affecting versions 17.9-17.10.7, 17.11-17.11.3, and 18.0-18.0.1. An authenticated attacker with UI interaction from a victim can execute arbitrary JavaScript in the context of the victim's browser session, potentially stealing session tokens, performing unauthorized actions, or stealing sensitive data. The CVSS score of 8.7 (High) reflects network accessibility and significant impact on confidentiality and integrity, though exploitation requires user interaction and authenticated access.

Gitlab XSS
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.

Gitlab Denial Of Service Ubuntu +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.

Gitlab Denial Of Service Ubuntu +1
NVD
EPSS 0% CVSS 8.7
HIGH POC This Week

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
EPSS 0% CVSS 3.5
LOW Monitor

A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 0% CVSS 7.5
HIGH This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Week

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Kubernetes Denial Of Service
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 0% CVSS 2.7
LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 0% CVSS 7.7
HIGH POC This Week

An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Denial Of Service
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() If track_pfn_copy() fails, we already added the dst VMA to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Gitlab Linux Information Disclosure
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Gitlab XSS
NVD
EPSS 0% CVSS 3.7
LOW POC Monitor

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
Prev Page 3 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy