gitlab

1,423 tracked vulnerabilities.

CVE-2025-3396 MEDIUM
GitLab EE <17.11.6, <18.0.4, <18.1.2 - Auth Bypass
Jul 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-5846 LOW
GitLab EE <17.11.5-18.1.1 - Privilege Escalation
Jun 26, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-5315 MEDIUM
GitLab 17.2-17.11.5, 18.0-18.0.3, 18.1-18.1.1 - Authenticated Missing Authorization via Crafted API Requests
Jun 26, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-3279 MEDIUM
GitLab 10.7-17.11.4, 18.0-18.0.2, 18.1 - Authenticated Denial of Service via Crafted GraphQL Requests
Jun 26, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2938 LOW
GitLab CE/EE <17.11.5, <18.0.3, <18.1.1 - Privilege Escalation
Jun 26, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-1754 MEDIUM
GitLab CE/EE <17.11.5, <18.0.3, <18.1.1 - Unauthenticated File Upload
Jun 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5121 HIGH
GitLab 17.11.0-17.11.3 and 18.0.0-18.0.1 - Missing Authorization in Compliance Framework Application
Jun 20, 2025
CVSS 8.5
EPSS 0.08
CVE-2025-2443 HIGH
GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass
Jun 20, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-5982 LOW
GitLab EE <17.10.8-18.0.2 - Auth Bypass
Jun 12, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-5195 MEDIUM
GitLab 17.9-17.10.6, 17.11-17.11.2, 18.0 - Authenticated Authorization Bypass via Compliance Framework Access
Jun 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-0673 HIGH
GitLab CE/EE <17.10.8-18.0.2 - Open Redirect
Jun 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-5996 MEDIUM
GitLab 2.1.0-17.10.7, 17.11.0-17.11.3, 18.0.0-18.0.1 - DoS via HTTP Response Input Validation Bypass
Jun 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-4278 HIGH
GitLab 18.0.0-18.0.1 - HTML Injection in New Search Page
Jun 12, 2025
CVSS 8.7
EPSS 0.07
CVE-2025-2254 HIGH
GitLab 17.9-17.10.8, 17.11-17.11.4, 18.0-18.0.2 - Cross-Site Scripting in Snippet Viewer
Jun 12, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-1516 MEDIUM
GitLab 8.7-17.10.7, 17.11-17.11.3, 18.0-18.0.1 - Denial of Service via Token Name Input Validation
Jun 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1478 MEDIUM
GitLab 8.13-17.10.6, 17.11-17.11.2, 18.0 - Denial of Service via Board Name Input
Jun 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1763 HIGH
GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass
May 30, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-0993 HIGH
GitLab < 17.10.7, 17.11 < 17.11.3, 18.0 < 18.0.1 - Authenticated Denial of Service via Resource Exhaustion
May 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-0679 MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure
May 22, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-0605 MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Auth Bypass
May 22, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-4979 MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure
May 22, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-3111 MEDIUM
GitLab 10.2-17.10.6, 17.11-17.11.2, 18.0 - Authenticated Denial of Service via Kubernetes Integration
May 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2853 MEDIUM
GitLab < 17.10.7, 17.11 < 17.11.3, 18.0 < 18.0.1 - Authenticated Denial of Service
May 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1110 LOW
GitLab 18.0 - Insufficient Granularity of Access Control via GraphQL Query
May 22, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-1278 MEDIUM
GitLab CE/EE <17.9.8-17.11.2 - Auth Bypass
May 09, 2025
CVSS 5.3
EPSS 0.00