gitlab

1,423 tracked vulnerabilities.

CVE-2026-2370 HIGH
Improper Handling of Parameters in GitLab
Mar 30, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-3988 HIGH
Inefficient Algorithmic Complexity in GitLab
Mar 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3857 HIGH
Cross-Site Request Forgery (CSRF) in GitLab
Mar 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-2995 HIGH
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
Mar 25, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-2973 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Mar 25, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-2745 MEDIUM
Authentication Bypass Using an Alternate Path or Channel in GitLab
Mar 25, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-2726 MEDIUM
Incorrect Authorization in GitLab
Mar 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1724 MEDIUM
Missing Authentication for Critical Function in GitLab
Mar 25, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-4363 LOW
Incorrect Authorization in GitLab
Mar 25, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-1182 MEDIUM
GitLab 8.14.0-18.7.5, 18.8.0-18.8.5, 18.9.0-18.9.1 - Authenticated Unauthorized Access to Confidential Issue Titles
Mar 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-3848 MEDIUM
GitLab CE/EE 8.11-18.7.5, 18.8.x < 18.8.6, 18.9.x < 18.9.2 - Internal Request Forgery via Import
Mar 11, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-1732 MEDIUM
GitLab 12.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Confidential Issue Title Disclosure via Improper Filtering
Mar 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1663 MEDIUM
GitLab CE/EE - Privilege Escalation
Mar 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1230 MEDIUM
GitLab 18.7.5/18.8.5/18.9.1 - Authenticated Repository Content Spoofing via Branch Reference Validation Bypass
Mar 11, 2026
CVSS 4.1
EPSS 0.00
CVE-2026-1090 HIGH
GitLab 10.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Stored XSS via Markdown Injection
Mar 11, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-1069 HIGH
GitLab 18.9.0-18.9.1 - Unauthenticated Denial of Service via GraphQL Request
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0602 MEDIUM
GitLab 15.6-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Metadata Disclosure via Snippet Rendering
Mar 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-2845 MEDIUM
GitLab 11.2-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Authenticated Denial of Service via Bitbucket Server Import Endpoint
Feb 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-1747 MEDIUM
GitLab 17.11-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Authenticated Privilege Escalation via Conan Package Modification
Feb 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-1725 MEDIUM
GitLab 18.9 - Unauthenticated Denial of Service via CI Jobs API Endpoint
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-1662 HIGH
GitLab 14.4-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Unauthenticated Denial of Service via Jira Events Endpoint
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-1388 HIGH
GitLab 9.2-18.7.4, 18.8-18.8.4, 18.9.0 - ReDoS via Merge Request Endpoint
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0752 HIGH
GitLab CE/EE 16.2-18.7.4/18.8-18.8.4/18.9 - XSS
Feb 25, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-1458 MEDIUM
GitLab 8.0-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Unauthenticated Denial of Service via Malicious File Upload
Feb 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-1456 MEDIUM
GitLab 18.7-18.7.3 and 18.8-18.8.3 - Unauthenticated Denial of Service via Markdown Preview CPU Exhaustion
Feb 11, 2026
CVSS 6.5
EPSS 0.00