gitlab

1,423 tracked vulnerabilities.

CVE-2025-0549 MEDIUM
GitLab CE/EE <17.9.8, <17.10.6, <17.11.2 - Auth Bypass
May 09, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-1908 HIGH
GitLab EE/CE <17.9.7-17.11.1 - Info Disclosure
Apr 24, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-0639 MEDIUM
GitLab 16.7-17.9.6, 17.10-17.10.4, 17.11 - Denial of Service via Issue Preview
Apr 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0362 MEDIUM
GitLab CE/EE <17.8.7-17.10.4 - CSRF
Apr 10, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-2469 LOW
GitLab CE/EE <17.9.6, <17.10.4 - Info Disclosure
Apr 10, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-2408 MEDIUM
GitLab CE/EE <17.8.7-17.10.4 - Auth Bypass
Apr 10, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-1677 MEDIUM
GitLab < 17.8.7, 17.9 < 17.9.6, 17.10 < 17.10.4 - Denial of Service via CI Pipeline Export Payload Injection
Apr 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2867 MEDIUM
GitLab 17.8.0-17.8.5, 17.9.0-17.9.2, 17.10.0 - Unauthorized Sensitive Data Exposure via AI-Assisted Development Feature
Mar 27, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-2255 HIGH
GitLab 13.5.0-17.8.5, 17.9.0-17.9.2, 17.10.0 - Cross-Site Scripting in AppSec Error Messages
Mar 27, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-2242 HIGH
GitLab 17.4-17.8.5, 17.9-17.9.2, 17.10 - Incorrect Authorization
Mar 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-0811 HIGH
GitLab 17.7-17.8.5, 17.9-17.9.2, 17.10 - Cross-Site Scripting via File Rendering
Mar 27, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-1257 MEDIUM
GitLab 12.3.0-17.7.6, 17.8.0-17.8.4, 17.9.0-17.9.1 - Denial of Service via API Input Manipulation
Mar 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0652 MEDIUM
GitLab EE/CE <17.7.7-17.9.2 - Info Disclosure
Mar 13, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-2045 MEDIUM
GitLab 17.7.0-17.7.5, 17.8.0-17.8.3, 17.9.0 - Incorrect Authorization
Mar 06, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1540 LOW
GitLab 17.5-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Incorrect Authorization for External Users
Mar 06, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-0555 HIGH
GitLab-EE <17.7.6, <17.8.4, <17.9.1 - XSS
Mar 03, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-0475 HIGH
GitLab 15.10-17.7.5, 17.8-17.8.3, 17.9 - Cross-Site Scripting via Proxy Feature
Mar 03, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-1198 MEDIUM
GitLab 16.11-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Insufficient Session Expiration via ActionCable
Feb 13, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-0516 MEDIUM
GitLab CE/EE <17.7.4-17.8.2 - Privilege Escalation
Feb 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1212 MEDIUM
GitLab CE/EE <17.6.5-17.8.2 - Info Disclosure
Feb 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1042 MEDIUM
GitLab EE <17.6.5-17.8.2 - Info Disclosure
Feb 12, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-0376 HIGH
GitLab 13.3-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Cross-Site Scripting via Change Page
Feb 12, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-1072 MEDIUM
GitLab 7.14.1-17.3.6, 17.4-17.4.3, 17.5-17.5.1 - Denial of Service via Fogbugz Import
Feb 07, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-0290 MEDIUM
GitLab CE/EE <17.5.5-17.7.1 - Info Disclosure
Jan 28, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-0314 HIGH
GitLab 17.2-17.6.3, 17.7-17.7.2, 17.8 - Cross-Site Scripting via File Rendering
Jan 24, 2025
CVSS 8.7
EPSS 0.00