Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / gitlab

gitlab

1,383 tracked vulnerabilities.

CVE-2025-12073 MEDIUM

GitLab 18.0-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Authenticated Server-Side Request Forgery via Git Repository Import

CVE-2025-13928 HIGH

GitLab 17.7-18.6.3, 18.7-18.7.1, 18.8-18.8.1 - Unauthenticated Denial of Service via API Endpoint Authorization Bypass

CVE-2025-13927 HIGH

GitLab 11.9-18.6.3, 18.7-18.7.1, 18.8-18.8.1 - Unauthenticated Denial of Service via Malformed Authentication Data

CVE-2025-13335 MEDIUM

GitLab 17.1-18.6.3, 18.7-18.7.1, 18.8-18.8.1 - Authenticated Denial of Service via Wiki Cycle Detection Bypass

CVE-2025-11224 HIGH

GitLab 15.10-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Authenticated Stored Cross-Site Scripting via Kubernetes Proxy

CVE-2025-9222 HIGH

GitLab 18.2.2-18.5.4, 18.6-18.6.2, 18.7-18.7.0 - Authenticated Stored Cross-Site Scripting via GitLab Flavored Markdown

CVE-2025-3950 LOW

GitLab CE/EE <18.5.5-18.7.1 - Info Disclosure

CVE-2025-13781 MEDIUM

GitLab 18.5-18.5.4, 18.6-18.6.2, 18.7-18.7.0 - Authenticated Missing Authorization in GraphQL Mutations

CVE-2025-13772 HIGH

GitLab 18.4.0-18.5.4, 18.6.0-18.6.2, 18.7.0 - Authenticated Missing Authorization via Namespace Identifier Manipulation

CVE-2025-13761 HIGH

GitLab 18.6-18.6.2 and 18.7-18.7.0 - Unauthenticated Stored Cross-Site Scripting

CVE-2025-11246 MEDIUM

GitLab CE/EE <18.5.5-18.7.1 - Privilege Escalation

CVE-2025-10569 MEDIUM

GitLab 8.3-18.5.5, 18.6-18.6.3, 18.7-18.7.1 - Authenticated Denial of Service via External API Response

CVE-2025-12734 LOW

GitLab 15.6-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Cross-Site Scripting via Merge Request Title

CVE-2025-12029 HIGH

GitLab 15.11-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Unauthenticated Cross-Site Scripting in Swagger UI

CVE-2025-8405 HIGH

GitLab CE/EE <18.4.6-18.6.2 - Privilege Escalation

CVE-2025-4097 MEDIUM

GitLab 11.10-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Denial of Service via Image Upload

CVE-2025-11984 MEDIUM

GitLab CE/EE <18.4.6-18.6.2 - Auth Bypass

CVE-2025-11247 MEDIUM

GitLab EE <18.4.6-18.6.2 - Info Disclosure

CVE-2025-14157 MEDIUM

GitLab 6.3-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Denial of Service via Large API Content Parameters

CVE-2025-13978 MEDIUM

GitLab 17.5-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Private Project Name Disclosure via API Requests

CVE-2025-12716 HIGH

GitLab CE/EE <18.4.6-18.6.2 - Privilege Escalation

CVE-2025-12562 HIGH

GitLab 11.10-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Unauthenticated Denial of Service via GraphQL Query Complexity Bypass

CVE-2025-7449 MEDIUM

GitLab 8.3-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Denial of Service via HTTP Response Processing

CVE-2025-6195 MEDIUM

GitLab EE <18.4.5-18.6.1 - Info Disclosure

CVE-2025-13611 LOW

GitLab 13.2-18.5.4 and 18.6-18.6.2 - Authenticated Sensitive Token Exposure via Log File Insertion

Previous Page 5 of 56 Next

Products

gitlab 1,368 GitLab 108 gitlab-shell 5 dynamic_application_security_testing_analyzer 4 runner 3 gitlab-vscode-extension 2 GitLab AI Gateway 1 dast_api_scanner 1 gitaly 1 gitlab_runner 1 language_server 1 omnibus 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy