gitlab
1,423 tracked vulnerabilities.
CVE-2026-1387
MEDIUM
GitLab 15.6-18.6.6, 18.7-18.7.4, 18.8-18.8.4 - Authenticated Denial of Service via GraphQL File Query
Feb 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-1282
LOW
GitLab 18.6.0-18.6.5, 18.7.0-18.7.3, 18.8.0-18.8.3 - Authenticated Stored Cross-Site Scripting in Project Label Titles
Feb 11, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-1094
MEDIUM
GitLab 18.8.0-18.8.3 - Authenticated File Change Obfuscation via WebUI
Feb 11, 2026
CVSS 4.6
EPSS 0.00
CVE-2026-1080
MEDIUM
GitLab 16.7-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Authenticated Authorization Bypass via Iterations API
Feb 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0958
HIGH
GitLab 18.4-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Unauthenticated Denial of Service via JSON Validation Middleware Bypass
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-0595
HIGH
GitLab 13.9-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Authenticated HTML Injection in Test Case Titles
Feb 11, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-1868
CRITICAL
GitLab AI Gateway <18.6.1-18.8.0 - DoS/Code Execution
Feb 09, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-1751
LOW
GitLab CE/EE <18.5.0 - Info Disclosure
Feb 02, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-1102
MEDIUM
GitLab 12.3-18.6.3, 18.7-18.7.1, 18.8-18.8.1 - DoS via Malformed SSH Auth
Jan 22, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-0723
HIGH
GitLab CE/EE <18.6.4-18.8.2 - Auth Bypass
Jan 22, 2026
CVSS 7.4
EPSS 0.01
CVE-2025-12506
LOW
Use of Incorrectly-Resolved Name or Reference in GitLab
Jul 08, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-14870
HIGH
Allocation of Resources Without Limits or Throttling in GitLab
May 14, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-14869
HIGH
Improper Validation of Specified Quantity in Input in GitLab
May 14, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-13874
MEDIUM
Authorization Bypass Through User-Controlled Key in GitLab
May 14, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-12669
MEDIUM
Improper Control of Generation of Code ('Code Injection') in GitLab
May 14, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-9957
LOW
Incorrect Authorization in GitLab
Apr 22, 2026
CVSS 2.7
EPSS 0.00
CVE-2025-6016
MEDIUM
Allocation of Resources Without Limits or Throttling in GitLab
Apr 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-3922
MEDIUM
Allocation of Resources Without Limits or Throttling in GitLab
Apr 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-0186
MEDIUM
Allocation of Resources Without Limits or Throttling in GitLab
Apr 22, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-9484
MEDIUM
Missing Authorization in GitLab
Apr 08, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-12664
HIGH
Improper Validation of Specified Quantity in Input in GitLab
Apr 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-14595
MEDIUM
Missing Authorization in GitLab
Mar 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-13436
MEDIUM
Allocation of Resources Without Limits or Throttling in GitLab
Mar 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-13078
MEDIUM
Improper Validation of Specified Quantity in Input in GitLab
Mar 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-12555
MEDIUM
GitLab CE/EE 15.1-18.7.5/18.8-18.8.5/18.9-18.9.1 - Info Disclosure
Mar 11, 2026
CVSS 4.3
EPSS 0.00