gitlab
1,423 tracked vulnerabilities.
CVE-2025-3396
MEDIUM
GitLab EE <17.11.6, <18.0.4, <18.1.2 - Auth Bypass
Jul 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-5846
LOW
GitLab EE <17.11.5-18.1.1 - Privilege Escalation
Jun 26, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-5315
MEDIUM
GitLab 17.2-17.11.5, 18.0-18.0.3, 18.1-18.1.1 - Authenticated Missing Authorization via Crafted API Requests
Jun 26, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-3279
MEDIUM
GitLab 10.7-17.11.4, 18.0-18.0.2, 18.1 - Authenticated Denial of Service via Crafted GraphQL Requests
Jun 26, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2938
LOW
GitLab CE/EE <17.11.5, <18.0.3, <18.1.1 - Privilege Escalation
Jun 26, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-1754
MEDIUM
GitLab CE/EE <17.11.5, <18.0.3, <18.1.1 - Unauthenticated File Upload
Jun 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-5121
HIGH
GitLab 17.11.0-17.11.3 and 18.0.0-18.0.1 - Missing Authorization in Compliance Framework Application
Jun 20, 2025
CVSS 8.5
EPSS 0.08
CVE-2025-2443
HIGH
GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass
Jun 20, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-5982
LOW
GitLab EE <17.10.8-18.0.2 - Auth Bypass
Jun 12, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-5195
MEDIUM
GitLab 17.9-17.10.6, 17.11-17.11.2, 18.0 - Authenticated Authorization Bypass via Compliance Framework Access
Jun 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-0673
HIGH
GitLab CE/EE <17.10.8-18.0.2 - Open Redirect
Jun 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-5996
MEDIUM
GitLab 2.1.0-17.10.7, 17.11.0-17.11.3, 18.0.0-18.0.1 - DoS via HTTP Response Input Validation Bypass
Jun 12, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-4278
HIGH
GitLab 18.0.0-18.0.1 - HTML Injection in New Search Page
Jun 12, 2025
CVSS 8.7
EPSS 0.07
CVE-2025-2254
HIGH
GitLab 17.9-17.10.8, 17.11-17.11.4, 18.0-18.0.2 - Cross-Site Scripting in Snippet Viewer
Jun 12, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-1516
MEDIUM
GitLab 8.7-17.10.7, 17.11-17.11.3, 18.0-18.0.1 - Denial of Service via Token Name Input Validation
Jun 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1478
MEDIUM
GitLab 8.13-17.10.6, 17.11-17.11.2, 18.0 - Denial of Service via Board Name Input
Jun 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1763
HIGH
GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass
May 30, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-0993
HIGH
GitLab < 17.10.7, 17.11 < 17.11.3, 18.0 < 18.0.1 - Authenticated Denial of Service via Resource Exhaustion
May 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-0679
MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure
May 22, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-0605
MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Auth Bypass
May 22, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-4979
MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure
May 22, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-3111
MEDIUM
GitLab 10.2-17.10.6, 17.11-17.11.2, 18.0 - Authenticated Denial of Service via Kubernetes Integration
May 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2853
MEDIUM
GitLab < 17.10.7, 17.11 < 17.11.3, 18.0 < 18.0.1 - Authenticated Denial of Service
May 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1110
LOW
GitLab 18.0 - Insufficient Granularity of Access Control via GraphQL Query
May 22, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-1278
MEDIUM
GitLab CE/EE <17.9.8-17.11.2 - Auth Bypass
May 09, 2025
CVSS 5.3
EPSS 0.00