gitlab
1,423 tracked vulnerabilities.
CVE-2025-14513
HIGH
GitLab 16.11-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - DoS via Protected Branches API
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-13929
HIGH
GitLab 10.0-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Unauthenticated Denial of Service via Repository Archive Endpoint
Mar 11, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-13690
MEDIUM
GitLab 16.11-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Denial of Service via Webhook Custom Header Input
Mar 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-12704
LOW
GitLab EE 18.2-18.9.2 - Auth Bypass
Mar 11, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-12697
LOW
GitLab 15.5-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Datadog API Credential Exposure
Mar 11, 2026
CVSS 2.2
EPSS 0.00
CVE-2025-12576
MEDIUM
GitLab 9.3-18.7.5, 18.8-18.8.5, 18.9-18.9.1 - Authenticated Denial of Service via Webhook Response Handling
Mar 11, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-14511
HIGH
GitLab 12.2-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Unauthenticated Denial of Service via Container Registry Event Endpoint
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-3525
MEDIUM
GitLab 9.0-18.7.4, 18.8-18.8.4, 18.9-18.9.0 - Authenticated Denial of Service via CI Trigger API
Feb 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-14103
MEDIUM
GitLab CE/EE 17.7-18.9 - Privilege Escalation
Feb 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-8099
HIGH
GitLab 10.8-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Unauthenticated Denial of Service via GraphQL Query Flooding
Feb 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-7659
HIGH
GitLab CE/EE <18.6.6-18.8.4 - Info Disclosure
Feb 11, 2026
CVSS 8.0
EPSS 0.00
CVE-2025-14594
LOW
GitLab CE/EE <18.6.6-18.8.4 - Info Disclosure
Feb 11, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-14592
LOW
GitLab CE/EE <18.6.6-18.8.4 - Privilege Escalation
Feb 11, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-14560
HIGH
GitLab CE/EE <18.6.6-18.8.4 - Privilege Escalation
Feb 11, 2026
CVSS 7.3
EPSS 0.00
CVE-2025-12575
MEDIUM
GitLab 18.0-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Authenticated Server-Side Request Forgery
Feb 11, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-12073
MEDIUM
GitLab 18.0-18.6.5, 18.7-18.7.3, 18.8-18.8.3 - Authenticated Server-Side Request Forgery via Git Repository Import
Feb 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-13928
HIGH
GitLab 17.7-18.6.3, 18.7-18.7.1, 18.8-18.8.1 - Unauthenticated Denial of Service via API Endpoint Authorization Bypass
Jan 22, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-13927
HIGH
GitLab 11.9-18.6.3, 18.7-18.7.1, 18.8-18.8.1 - Unauthenticated Denial of Service via Malformed Authentication Data
Jan 22, 2026
CVSS 7.5
EPSS 0.01
CVE-2025-13335
MEDIUM
GitLab 17.1-18.6.3, 18.7-18.7.1, 18.8-18.8.1 - Authenticated Denial of Service via Wiki Cycle Detection Bypass
Jan 22, 2026
CVSS 6.5
EPSS 0.01
CVE-2025-11224
HIGH
GitLab 15.10-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Authenticated Stored Cross-Site Scripting via Kubernetes Proxy
Jan 14, 2026
CVSS 7.7
EPSS 0.00
CVE-2025-9222
HIGH
GitLab 18.2.2-18.5.4, 18.6-18.6.2, 18.7-18.7.0 - Authenticated Stored Cross-Site Scripting via GitLab Flavored Markdown
Jan 09, 2026
CVSS 8.7
EPSS 0.00
CVE-2025-3950
LOW
GitLab CE/EE <18.5.5-18.7.1 - Info Disclosure
Jan 09, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-13781
MEDIUM
GitLab 18.5-18.5.4, 18.6-18.6.2, 18.7-18.7.0 - Authenticated Missing Authorization in GraphQL Mutations
Jan 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-13772
HIGH
GitLab 18.4.0-18.5.4, 18.6.0-18.6.2, 18.7.0 - Authenticated Missing Authorization via Namespace Identifier Manipulation
Jan 09, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-13761
HIGH
GitLab 18.6-18.6.2 and 18.7-18.7.0 - Unauthenticated Stored Cross-Site Scripting
Jan 09, 2026
CVSS 8.0
EPSS 0.01