Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / gitlab

gitlab

1,383 tracked vulnerabilities.

CVE-2026-1090 HIGH

GitLab 10.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Stored XSS via Markdown Injection

CVE-2026-1069 HIGH

GitLab 18.9.0-18.9.1 - Unauthenticated Denial of Service via GraphQL Request

CVE-2026-0602 MEDIUM

GitLab 15.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Metadata Disclosure via Snippet Rendering

CVE-2026-2845 MEDIUM

GitLab 11.2-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Authenticated Denial of Service via Bitbucket Server Import Endpoint

CVE-2026-1747 MEDIUM

GitLab 17.11-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Authenticated Privilege Escalation via Conan Package Modification

CVE-2026-1725 MEDIUM

GitLab 18.9 - Unauthenticated Denial of Service via CI Jobs API Endpoint

CVE-2026-1662 HIGH

GitLab 14.4-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Unauthenticated Denial of Service via Jira Events Endpoint

CVE-2026-1388 HIGH

GitLab 9.2-18.7.4, 18.8-18.8.4, 18.9.0 - ReDoS via Merge Request Endpoint

CVE-2026-0752 HIGH

GitLab CE/EE 16.2-18.7.4/18.8-18.8.4/18.9 - XSS

CVE-2026-1458 MEDIUM

GitLab 8.0-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Unauthenticated Denial of Service via Malicious File Upload

CVE-2026-1456 MEDIUM

GitLab 18.7-18.7.3 and 18.8-18.8.3 - Unauthenticated Denial of Service via Markdown Preview CPU Exhaustion

CVE-2026-1387 MEDIUM

GitLab 15.6-18.6.6, 18.7-18.7.4, 18.8-18.8.4 - Authenticated Denial of Service via GraphQL File Query

CVE-2026-1282 LOW

GitLab 18.6.0-18.6.5, 18.7.0-18.7.3, 18.8.0-18.8.3 - Authenticated Stored Cross-Site Scripting in Project Label Titles

CVE-2026-1094 MEDIUM

GitLab 18.8.0-18.8.3 - Authenticated File Change Obfuscation via WebUI

CVE-2026-1080 MEDIUM

GitLab 16.7-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Authenticated Authorization Bypass via Iterations API

CVE-2026-0958 HIGH

GitLab 18.4-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Unauthenticated Denial of Service via JSON Validation Middleware Bypass

CVE-2026-0595 HIGH

GitLab 13.9-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Authenticated HTML Injection in Test Case Titles

CVE-2026-1868 CRITICAL

GitLab AI Gateway <18.6.1-18.8.0 - DoS/Code Execution

CVE-2026-1751 LOW

GitLab CE/EE <18.5.0 - Info Disclosure

CVE-2026-1102 MEDIUM

GitLab 12.3-18.6.3, 18.7-18.7.1, 18.8-18.8.1 - DoS via Malformed SSH Auth

CVE-2026-0723 HIGH

GitLab CE/EE <18.6.4-18.8.2 - Auth Bypass

CVE-2025-14870 HIGH

Allocation of Resources Without Limits or Throttling in GitLab

CVE-2025-14869 HIGH

Improper Validation of Specified Quantity in Input in GitLab

CVE-2025-13874 MEDIUM

Authorization Bypass Through User-Controlled Key in GitLab

CVE-2025-12669 MEDIUM

Improper Control of Generation of Code ('Code Injection') in GitLab

Previous Page 3 of 56 Next

Products

gitlab 1,368 GitLab 108 gitlab-shell 5 dynamic_application_security_testing_analyzer 4 runner 3 gitlab-vscode-extension 2 GitLab AI Gateway 1 dast_api_scanner 1 gitaly 1 gitlab_runner 1 language_server 1 omnibus 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy