gitlab
1,383 tracked vulnerabilities.
| CVE | Severity | Title | Date | CVSS | EPSS |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-3254 | LOW | Improper Restriction of Rendered UI Layers or Frames in GitLab | Apr 22, 2026 | 3.5 | 0.00 |
| CVE-2026-1660 | MEDIUM | Allocation of Resources Without Limits or Throttling in GitLab | Apr 22, 2026 | 6.5 | 0.00 |
| CVE-2026-5173 | HIGH | Exposed Dangerous Method or Function in GitLab | Apr 08, 2026 | 8.5 | 0.00 |
| CVE-2026-4916 | LOW | Missing Authorization in GitLab | Apr 08, 2026 | 2.7 | 0.00 |
| CVE-2026-4332 | MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | Apr 08, 2026 | 5.4 | 0.00 |
| CVE-2026-2619 | MEDIUM | Incorrect Authorization in GitLab | Apr 08, 2026 | 4.3 | 0.00 |
| CVE-2026-2104 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | Apr 08, 2026 | 4.3 | 0.00 |
| CVE-2026-1752 | MEDIUM | Incorrect Authorization in GitLab | Apr 08, 2026 | 4.3 | 0.00 |
| CVE-2026-1516 | MEDIUM | Improper Control of Generation of Code ('Code Injection') in GitLab | Apr 08, 2026 | 5.7 | 0.00 |
| CVE-2026-1101 | MEDIUM | Improper Validation of Specified Quantity in Input in GitLab | Apr 08, 2026 | 6.5 | 0.00 |
| CVE-2026-1092 | HIGH | Improper Validation of Specified Quantity in Input in GitLab | Apr 08, 2026 | 7.5 | 0.00 |
| CVE-2026-2370 | HIGH | Improper Handling of Parameters in GitLab | Mar 30, 2026 | 8.1 | 0.00 |
| CVE-2026-3988 | HIGH | Inefficient Algorithmic Complexity in GitLab | Mar 25, 2026 | 7.5 | 0.00 |
| CVE-2026-3857 | HIGH | Cross-Site Request Forgery (CSRF) in GitLab | Mar 25, 2026 | 8.1 | 0.00 |
| CVE-2026-2995 | HIGH | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab | Mar 25, 2026 | 7.7 | 0.00 |
| CVE-2026-2973 | MEDIUM | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | Mar 25, 2026 | 5.4 | 0.00 |
| CVE-2026-2745 | MEDIUM | Authentication Bypass Using an Alternate Path or Channel in GitLab | Mar 25, 2026 | 6.8 | 0.00 |
| CVE-2026-2726 | MEDIUM | Incorrect Authorization in GitLab | Mar 25, 2026 | 4.3 | 0.00 |
| CVE-2026-1724 | MEDIUM | Missing Authentication for Critical Function in GitLab | Mar 25, 2026 | 6.8 | 0.00 |
| CVE-2026-4363 | LOW | Incorrect Authorization in GitLab | Mar 25, 2026 | 3.7 | 0.00 |
| CVE-2026-1182 | MEDIUM | GitLab 8.14.0-18.7.5, 18.8.0-18.8.5, 18.9.0-18.9.1 - Authenticated Unauthorized Access to Confidential Issue Titles | Mar 12, 2026 | 4.3 | 0.00 |
| CVE-2026-3848 | MEDIUM | GitLab CE/EE 8.11-18.7.5, 18.8.x < 18.8.6, 18.9.x < 18.9.2 - Internal Request Forgery via Import | Mar 11, 2026 | 5.0 | 0.00 |
| CVE-2026-1732 | MEDIUM | GitLab 12.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Confidential Issue Title Disclosure via Improper Filtering | Mar 11, 2026 | 4.3 | 0.00 |
| CVE-2026-1663 | MEDIUM | GitLab CE/EE - Privilege Escalation | Mar 11, 2026 | 4.3 | 0.00 |
| CVE-2026-1230 | MEDIUM | GitLab 18.7.5/18.8.5/18.9.1 - Authenticated Repository Content Spoofing via Branch Reference Validation Bypass | Mar 11, 2026 | 4.1 | 0.00 |