gitlab
1,423 tracked vulnerabilities.
CVE-2026-2370
HIGH
Improper Handling of Parameters in GitLab
Mar 30, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-3988
HIGH
Inefficient Algorithmic Complexity in GitLab
Mar 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3857
HIGH
Cross-Site Request Forgery (CSRF) in GitLab
Mar 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-2995
HIGH
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
Mar 25, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-2973
MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Mar 25, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-2745
MEDIUM
Authentication Bypass Using an Alternate Path or Channel in GitLab
Mar 25, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-2726
MEDIUM
Incorrect Authorization in GitLab
Mar 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1724
MEDIUM
Missing Authentication for Critical Function in GitLab
Mar 25, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-4363
LOW
Incorrect Authorization in GitLab
Mar 25, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-1182
MEDIUM
GitLab 8.14.0-18.7.5, 18.8.0-18.8.5, 18.9.0-18.9.1 - Authenticated Unauthorized Access to Confidential Issue Titles
Mar 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-3848
MEDIUM
GitLab CE/EE 8.11-18.7.5, 18.8.x < 18.8.6, 18.9.x < 18.9.2 - Internal Request Forgery via Import
Mar 11, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-1732
MEDIUM
GitLab 12.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Confidential Issue Title Disclosure via Improper Filtering
Mar 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1663
MEDIUM
GitLab CE/EE - Privilege Escalation
Mar 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1230
MEDIUM
GitLab 18.7.5/18.8.5/18.9.1 - Authenticated Repository Content Spoofing via Branch Reference Validation Bypass
Mar 11, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-1090
HIGH
GitLab 10.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Stored XSS via Markdown Injection
Mar 11, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-1069
HIGH
GitLab 18.9.0-18.9.1 - Unauthenticated Denial of Service via GraphQL Request
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0602
MEDIUM
GitLab 15.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Metadata Disclosure via Snippet Rendering
Mar 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2845
MEDIUM
GitLab 11.2-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Authenticated Denial of Service via Bitbucket Server Import Endpoint
Feb 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-1747
MEDIUM
GitLab 17.11-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Authenticated Privilege Escalation via Conan Package Modification
Feb 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1725
MEDIUM
GitLab 18.9 - Unauthenticated Denial of Service via CI Jobs API Endpoint
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-1662
HIGH
GitLab 14.4-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Unauthenticated Denial of Service via Jira Events Endpoint
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-1388
HIGH
GitLab 9.2-18.7.4, 18.8-18.8.4, 18.9.0 - ReDoS via Merge Request Endpoint
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0752
HIGH
GitLab CE/EE 16.2-18.7.4/18.8-18.8.4/18.9 - XSS
Feb 25, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-1458
MEDIUM
GitLab 8.0-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Unauthenticated Denial of Service via Malicious File Upload
Feb 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-1456
MEDIUM
GitLab 18.7-18.7.3 and 18.8-18.8.3 - Unauthenticated Denial of Service via Markdown Preview CPU Exhaustion
Feb 11, 2026
CVSS 6.5
EPSS 0.00