Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / gitlab

gitlab

1,383 tracked vulnerabilities.

CVE-2025-12653 MEDIUM

GitLab CE/EE <18.4.5-18.6.1 - Info Disclosure

CVE-2025-12571 HIGH

GitLab 17.10-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Unauthenticated Denial of Service via Malicious JSON Payloads

CVE-2025-9825 MEDIUM

GitLab 13.7-18.2.8, 18.3-18.3.4, 18.4-18.4.2 - Authenticated Sensitive CI/CD Variable Exposure via GraphQL API

CVE-2025-12983 LOW

GitLab 16.9-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Authenticated Denial of Service via Nested Markdown Formatting

CVE-2025-7736 LOW

GitLab CE/EE <18.3.6-18.5.2 - Auth Bypass

CVE-2025-7000 MEDIUM

GitLab CE/EE <18.3.6-18.5.2 - Info Disclosure

CVE-2025-6945 LOW

GitLab 17.8-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Information Disclosure via Merge Request Comment Prompt Injection

CVE-2025-6171 MEDIUM

GitLab 13.2-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Authenticated Missing Authorization via Packages API

CVE-2025-2615 MEDIUM

GitLab <18.3.6-18.5.2 - Info Disclosure

CVE-2025-11990 LOW

GitLab 18.4.0-18.4.3 & 18.5.0-18.5.1 CSRF Token Exposure via Input Validation Bypass

CVE-2025-11865 MEDIUM

GitLab 18.1-18.3.6, 18.4-18.4.4, 18.5-18.5.2 - Incorrect Authorization

CVE-2025-11702 HIGH

GitLab 17.1.0-18.3.4, 18.4.0-18.4.2, 18.5.0 - Authenticated Project Runner Hijacking via Missing Authorization

CVE-2025-6601 LOW

GitLab EE <18.4.3-18.5.1 - Privilege Escalation

CVE-2025-11989 LOW

GitLab 17.6.0-18.3.4, 18.4-18.4.2, 18.5 - Authenticated Missing Authorization via Quick Action Command Injection

CVE-2025-11974 MEDIUM

GitLab 11.7-18.3.4, 18.4-18.4.2, 18.5 - Unauthenticated Denial of Service via Large File Upload

CVE-2025-11971 MEDIUM

GitLab 10.6.0-18.3.4, 18.4.0-18.4.2, 18.5.0 - Authenticated Unauthorized Pipeline Execution via Commit Manipulation

CVE-2025-11447 HIGH

GitLab 11.0-18.3.4, 18.4.0-18.4.2, 18.5.0 - Unauthenticated Denial of Service via Crafted GraphQL JSON Payloads

CVE-2025-10497 HIGH

GitLab 17.10-18.3.4, 18.4-18.4.2, 18.5 - Unauthenticated Denial of Service via Crafted Payloads

CVE-2025-2934 MEDIUM

GitLab 5.2-18.2.7, 18.3-18.3.3, 18.4-18.4.1 - Authenticated Denial of Service via Malicious Webhook Endpoint

CVE-2025-11340 HIGH

GitLab EE <18.3.4-18.4.2 - Privilege Escalation

CVE-2025-10004 HIGH

GitLab 13.12-18.2.8, 18.3-18.3.4, 18.4-18.4.2 - Denial of Service via Crafted GraphQL Queries

CVE-2025-8014 HIGH

GitLab 11.10-18.2.6, 18.3-18.3.2, 18.4-18.4.0 - Unauthenticated Denial of Service via GraphQL Query Complexity Bypass

CVE-2025-5069 LOW

GitLab CE/EE <18.2.7-18.4.1 - Privilege Escalation

CVE-2025-11042 MEDIUM

GitLab 17.2-18.2.6, 18.3-18.3.2, 18.4 - Denial of Service via GraphQL Query

CVE-2025-10868 LOW

GitLab CE/EE <18.2.7-18.4.1 - Info Disclosure

Previous Page 6 of 56 Next

Products

gitlab 1,368 GitLab 108 gitlab-shell 5 dynamic_application_security_testing_analyzer 4 runner 3 gitlab-vscode-extension 2 GitLab AI Gateway 1 dast_api_scanner 1 gitaly 1 gitlab_runner 1 language_server 1 omnibus 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy