| Metric | Value |
|---|---|
| CVEs | 254 |
| Critical | 5 |
| High | 68 |
| KEV (listed in the CISA Known Exploited Vulnerabilities catalog) | 0 |
| PoC (public proof-of-concept exploit available) | 57 |
| Unpatched Critical/High | 46 |
| Patch Rate | 32.3% |
| Avg EPSS | 0.1% |
Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 5 |
| HIGH | 68 |
| MEDIUM | 143 |
| LOW | 37 |
Monthly CVE Trend
Affected Products (15)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority (score) | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-1763 | An issue has been discovered in GitLab EE that allows a cross-site scripting attack and a content security policy bypass in a user's browser under specific conditions, affecting all versions from. Rated high severity (CVSS 8.7); remotely exploitable with low attack complexity. Public exploit code is available and the tracker records no vendor patch. | HIGH | 8.7 | 0.5% | 64 | PoC, No patch |
| CVE-2025-0811 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Rated high severity (CVSS 8.7); remotely exploitable with low attack complexity. Public exploit code is available. The tracker records no vendor patch, although the affected ranges end at 17.8.6, 17.9.3 and 17.10.1, which indicates fixed releases exist; verify against the vendor advisory before treating this as unpatched. | HIGH | 8.7 | 0.2% | 64 | PoC, No patch |
| CVE-2025-2255 | An issue has been discovered in GitLab CE/EE affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Rated high severity (CVSS 8.7); remotely exploitable with low attack complexity. Public exploit code is available. The tracker records no vendor patch, although the affected ranges end at 17.8.6, 17.9.3 and 17.10.1, which indicates fixed releases exist. | HIGH | 8.7 | 0.2% | 64 | PoC, No patch |
| CVE-2024-4994 | A Cross-Site Request Forgery (CSRF) vulnerability in GitLab's GraphQL API lets an unauthenticated attacker execute arbitrary GraphQL mutations in the context of an authenticated GitLab user who visits a malicious website. Affects GitLab CE/EE versions 16.1.0 through 16.11.4, 17.0.0 through 17.0.2, and 17.1.0; CVSS 8.1 (high). Exploitation requires user interaction (the victim opens the attacker's page), but the impact depends on which mutations the attacker chooses, ranging from unauthorized data manipulation to broader compromise. | HIGH | 8.1 | 0.1% | 61 | PoC |
| CVE-2026-3857 | A Cross-Site Request Forgery (CSRF) vulnerability in GitLab CE/EE lets an unauthenticated attacker execute arbitrary GraphQL mutations on behalf of authenticated users without their consent. All versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 are affected. A public proof-of-concept exploit is available (HackerOne report 3584382), which raises the likelihood of exploitation. | HIGH | 8.1 | 0.0% | 61 | PoC |
| CVE-2026-4922 | Cross-Site Request Forgery (CSRF) in GitLab CE/EE lets a remote unauthenticated attacker execute GraphQL mutations as an authenticated victim via a crafted web page. Affects all versions from 17.0 through 18.11.0; public exploit code is available (HackerOne report 3627285). Despite the CVSS 8.1 rating, exploitation requires user interaction (phishing or social engineering) and is not automatable under the CISA SSVC framework. Not listed in CISA KEV at the time of analysis. Vendor patches: 18.9.6, 18.10.4 and 18.11.1. | HIGH | 8.1 | 0.0% | 61 | PoC |
| CVE-2026-5262 | A cross-site scripting vulnerability in GitLab's Storybook development environment lets a remote unauthenticated attacker steal access tokens after crafted user interaction. Affects GitLab CE/EE versions 16.1.0 through 18.9.5, 18.10 through 18.10.3, and 18.11.0. Public exploit code exists (HackerOne report 3574642); CISA SSVC records no confirmed active exploitation at the time of analysis. The CVSS 8.0 score reflects high confidentiality and integrity impact with a scope change, but the vector's AC:H (high attack complexity) and UI:R (user interaction required) mean exploitation needs targeted social engineering rather than automated mass exploitation. | HIGH | 8.0 | 0.0% | 60 | PoC |
| CVE-2026-5816 | Cross-site scripting (XSS) in GitLab CE/EE versions 18.10.0 through 18.10.3 and 18.11.0 lets an unauthenticated attacker execute arbitrary JavaScript in a victim's browser session via improper path validation. Public exploit code is available (HackerOne report 3572231); CISA SSVC records no confirmed active exploitation at the time of analysis. The CVSS 8.0 score reflects the changed scope (S:C), allowing impact beyond the vulnerable component, while high attack complexity (AC:H) and required user interaction (UI:R) limit ease of exploitation. Patched in 18.10.4 and 18.11.1. | HIGH | 8.0 | 0.0% | 60 | PoC |
| CVE-2025-1908 | An issue has been discovered in GitLab CE/EE that could allow an attacker to track users' browsing activities, potentially leading to full account takeover, affecting all versions from 16.6 before. Rated high severity (CVSS 7.7); remotely exploitable. Public exploit code is available and the tracker records no vendor patch. | HIGH | 7.7 | 0.1% | 59 | PoC, No patch |
| CVE-2026-2995 | Improper HTML sanitization in GitLab EE versions 15.4 through 18.10.1 lets an authenticated user add email addresses to arbitrary user accounts, potentially enabling account takeover. Public exploit code exists, and the summary states that no patch was available at the time of analysis; until an update is applied, limit who can reach the instance and which users may modify account settings. | HIGH | 7.7 | 0.0% | 59 | PoC |
| CVE-2024-9631 | An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, 17.3 prior to 17.3.5, and 17.4 prior to 17.4.2, where viewing diffs of. Rated high severity (CVSS 7.5); remotely exploitable, no authentication required, low attack complexity. Public exploit code is available. The tracker records no vendor patch, although the affected ranges end at 17.2.9, 17.3.5 and 17.4.2, which indicates fixed releases exist. | HIGH | 7.5 | 0.1% | 58 | PoC, No patch |
| CVE-2026-3988 | GitLab CE/EE contains a denial-of-service vulnerability in GraphQL request processing, classified as CWE-407 (Inefficient Algorithmic Complexity). All versions from 18.5 through 18.8.6, 18.9 through 18.9.2, and 18.10 before 18.10.1 are affected. An unauthenticated attacker can exploit it remotely with low complexity to render a GitLab instance unresponsive; a public proof-of-concept exploit is available (HackerOne report 3597342). | HIGH | 7.5 | 0.0% | 58 | PoC |
| CVE-2025-0673 | A denial-of-service vulnerability in GitLab CE/EE affecting all (CVSS 7.5) that allows an attacker. Risk factors: public PoC available. | HIGH | 7.5 | 0.0% | 58 | PoC |
| CVE-2025-0549 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, 17.10 prior to 17.10.6, and 17.11 prior to 17.11.2. Rated medium severity (CVSS 6.8); remotely exploitable, no authentication required. Public exploit code is available. The tracker records no vendor patch, although the affected ranges end at 17.9.8, 17.10.6 and 17.11.2, which indicates fixed releases exist. | MEDIUM | 6.8 | 0.1% | 54 | PoC, No patch |
| CVE-2026-2745 | GitLab CE/EE versions 7.11 through 18.10 contain an authentication bypass in the WebAuthn two-factor authentication implementation caused by inconsistent input validation, allowing an unauthenticated attacker to gain access to user accounts. The affected range spans many releases (7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1). A proof-of-concept exploit is public; although the CVSS score of 6.8 is only medium, an authentication bypass with a public PoC is a significant real-world threat to GitLab deployments. | MEDIUM | 6.8 | 0.0% | 54 | PoC |
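Three rows above (CVE-2024-4994, CVE-2026-3857, CVE-2026-4922) describe the same pattern: a page the victim visits makes their browser send a GraphQL mutation to GitLab with the session cookie attached. The following is an added example, not GitLab's code and not a reproduction of any of these bugs: a request-level guard for a cookie-authenticated JSON GraphQL endpoint, written against Rack-style request env hashes. The site origin, the header names and the X-CSRF-Token header are assumptions for the example.

```ruby
# Added example (not GitLab's code): a CSRF guard for a cookie-authenticated
# JSON GraphQL endpoint, written against Rack-style request env hashes.
# The site origin and the X-CSRF-Token header name are assumptions.
require 'uri'

SITE_URI = URI.parse('https://gitlab.example.com') # assumed deployment origin

# A page on attacker.example can make a logged-in victim's browser POST to
# /api/graphql with the victim's session cookie attached. Without a CORS
# preflight the browser only sends "simple" content types (form-urlencoded,
# multipart, text/plain), and it attaches Origin and Sec-Fetch-Site headers.
# Each check below closes one of those gaps.

def json_content_type?(env)
  env['CONTENT_TYPE'].to_s.split(';').first.to_s.strip.downcase == 'application/json'
end

def origin_allowed?(env)
  source = env['HTTP_ORIGIN'] || env['HTTP_REFERER']
  return true if source.nil? # non-browser client; the token check decides
  u = URI.parse(source)      # "Origin: null" fails here, as it should
  [u.scheme, u.host, u.port] == [SITE_URI.scheme, SITE_URI.host, SITE_URI.port]
rescue URI::InvalidURIError
  false
end

def fetch_site_ok?(env)
  site = env['HTTP_SEC_FETCH_SITE']
  site.nil? || %w[same-origin none].include?(site) # cross-site and same-site refused
end

def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def csrf_token_ok?(env, session_token)
  return true unless env['HTTP_COOKIE'] # no ambient credential, nothing to forge
  header = env['HTTP_X_CSRF_TOKEN'].to_s
  !header.empty? && constant_time_equal?(header, session_token)
end

# Returns nil when the request may proceed, otherwise the reason it was refused.
def csrf_rejection(env, session_token)
  return 'content type must be application/json' unless json_content_type?(env)
  return 'cross-site origin' unless origin_allowed?(env)
  return 'cross-site fetch metadata' unless fetch_site_ok?(env)
  return 'missing or invalid CSRF token' unless csrf_token_ok?(env, session_token)
  nil
end

# Constructed sample requests, not captured traffic.
SESSION_TOKEN = 'c0ffee-example-token'.freeze
COMMON = { 'REQUEST_METHOD' => 'POST', 'PATH_INFO' => '/api/graphql',
           'HTTP_COOKIE' => '_gitlab_session=victim' }.freeze

# 1. Hidden HTML form on attacker.example auto-submitting a JSON-looking body.
ATTACK_FORM = COMMON.merge('CONTENT_TYPE' => 'text/plain',
                           'HTTP_ORIGIN' => 'https://attacker.example',
                           'HTTP_SEC_FETCH_SITE' => 'cross-site')
# 2. fetch() from attacker.example with credentials: 'include'.
ATTACK_FETCH = COMMON.merge('CONTENT_TYPE' => 'application/json',
                            'HTTP_ORIGIN' => 'https://attacker.example',
                            'HTTP_SEC_FETCH_SITE' => 'cross-site')
# 3. The site's own front end, sending the per-session token.
LEGIT = COMMON.merge('CONTENT_TYPE' => 'application/json',
                     'HTTP_ORIGIN' => 'https://gitlab.example.com',
                     'HTTP_SEC_FETCH_SITE' => 'same-origin',
                     'HTTP_X_CSRF_TOKEN' => SESSION_TOKEN)
# 4. A script using a bearer token instead of a cookie: no CSRF exposure.
API_CLIENT = { 'REQUEST_METHOD' => 'POST', 'PATH_INFO' => '/api/graphql',
               'CONTENT_TYPE' => 'application/json',
               'HTTP_AUTHORIZATION' => 'Bearer glpat-example' }.freeze

if __FILE__ == $PROGRAM_NAME
  { form: ATTACK_FORM, fetch: ATTACK_FETCH, legit: LEGIT, api: API_CLIENT }.each do |name, env|
    puts "#{name}: #{csrf_rejection(env, SESSION_TOKEN) || 'allowed'}"
  end
end
```

The order of the checks matters for the rows' "unauthenticated attacker, user interaction required" framing: the content-type and Origin checks stop the no-preflight form and fetch() cases before any token is consulted, and the token check only applies when the request carries a cookie, so token-authenticated API clients are unaffected.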
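The CVE-2026-3988 row classifies a GraphQL denial of service as CWE-407 (Inefficient Algorithmic Complexity) without saying which query shape triggers it. The added example below is not GitLab's code and does not reproduce that bug; it is the generic pre-parse guard a practitioner would put in front of any GraphQL endpoint to bound the two cheap ways of making a single request expensive, deep nesting and alias flooding. The depth and alias limits are assumed values, and the scanner is deliberately approximate (it tracks braces, parentheses, strings and comments rather than parsing the grammar).

```ruby
# Added example (not GitLab's code): a pre-parse shape check for GraphQL
# request bodies, bounding the work a single query can demand. The limits
# are assumptions; a real schema tunes them per type and operation.
LIMITS = { max_depth: 10, aliases: 20 }.freeze

# Returns { max_depth:, aliases: } for a query string. Braces inside argument
# parentheses are object literals and do not count as selection-set depth.
def query_shape(query)
  depth = 0; max_depth = 0; paren = 0; aliases = 0
  i = 0; n = query.length
  while i < n
    c = query[i]
    case c
    when '"' # skip a string literal, honouring backslash escapes
      i += 1
      while i < n && query[i] != '"'
        i += 1 if query[i] == '\\'
        i += 1
      end
    when '#' # comment runs to end of line
      i += 1 while i < n && query[i] != "\n"
    when '{'
      if paren.zero?
        depth += 1
        max_depth = depth if depth > max_depth
      end
    when '}'
      depth -= 1 if paren.zero?
    when '('
      paren += 1
    when ')'
      paren -= 1
    else
      if c =~ /[_A-Za-z]/
        j = i
        j += 1 while j < n && query[j] =~ /[_0-9A-Za-z]/
        k = j
        k += 1 while k < n && query[k] =~ /[ \t\r\n,]/
        # a name followed by ':' inside a selection set (not inside arguments) is an alias
        aliases += 1 if paren.zero? && depth > 0 && k < n && query[k] == ':'
        i = j
        next
      end
    end
    i += 1
  end
  { max_depth: max_depth, aliases: aliases }
end

def reject_query?(query)
  shape = query_shape(query)
  shape[:max_depth] > LIMITS[:max_depth] || shape[:aliases] > LIMITS[:aliases]
end

# Constructed sample queries, not taken from any report.
NORMAL = <<~GQL
  query($path: ID!) {
    project(fullPath: $path) {
      name
      issues(first: 20, state: opened) { nodes { iid title } }
    }
  }
GQL
# 50 aliased copies of one resolver in a single request.
ALIAS_FLOOD = 'query { ' + (1..50).map { |i| "p#{i}: project(fullPath: \"g/p\") { name }" }.join(' ') + ' }'
# 16 nested selection sets.
DEEP = 'query { a ' + ('{ a ' * 15) + ('}' * 15) + ' }'

if __FILE__ == $PROGRAM_NAME
  { normal: NORMAL, alias_flood: ALIAS_FLOOD, deep: DEEP }.each do |name, q|
    puts "#{name}: #{query_shape(q)} rejected=#{reject_query?(q)}"
  end
end
```

This check runs before the query is parsed or any resolver is called, which is the point: a cost limit enforced after parsing already lets the attacker spend parser time. It does not replace per-field complexity costing in the schema, which is where the resolver-specific limits a CWE-407 fix needs would live.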