Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / gitlab

gitlab

1,383 tracked vulnerabilities.

CVE-2025-9958 HIGH

GitLab CE/EE <18.2.7-18.4.1 - Info Disclosure

CVE-2025-9642 HIGH

GitLab 14.10-18.2.6, 18.3-18.3.2, 18.4 - Cross-Site Scripting

CVE-2025-7691 MEDIUM

GitLab EE <18.2.7-<18.3.3-<18.4.1 - Privilege Escalation

CVE-2025-10871 LOW

GitLab EE 16.6-18.2.6, 18.3-18.3.2, 18.4 - Authenticated Privilege Escalation via Custom Role Assignment

CVE-2025-10867 LOW

GitLab 18.1-18.2.6, 18.3-18.3.2, 18.4-18.4.0 - Authenticated Denial of Service via GraphQL API

CVE-2025-10858 HIGH

GitLab < 18.2.7, 18.3 < 18.3.3, 18.4 < 18.4.1 - Unauthenticated Denial of Service via Large JSON File Upload

CVE-2025-7337 MEDIUM

GitLab 7.8-18.1.5, 18.2-18.2.5, 18.3-18.3.1 - Authenticated Denial of Service via Large File Upload

CVE-2025-6769 MEDIUM

GitLab CE/EE <18.1.6-18.3.2 - Info Disclosure

CVE-2025-6454 HIGH

GitLab 16.11-18.1.5, 18.2-18.2.5, 18.3-18.3.1 - Authenticated Server-Side Request Forgery via Proxy Request Injection

CVE-2025-2256 HIGH

GitLab 7.12-18.1.5, 18.2-18.2.5, 18.3-18.3.1 - Denial of Service via Large SAML Responses

CVE-2025-1250 MEDIUM

GitLab CE/EE <18.1.6-18.3.2 - Privilege Escalation

CVE-2025-10094 MEDIUM

GitLab CE/EE <18.1.6-18.3.2 - Privilege Escalation

CVE-2025-5101 MEDIUM

GitLab < 18.1.5, 18.2 < 18.2.5, 18.3 < 18.3.1 - Authenticated Code Injection via Branch/Tag Ambiguity

CVE-2025-4225 MEDIUM

GitLab 14.1-18.1.4, 18.2-18.2.4, 18.3-18.3.0 - Unauthenticated Denial of Service via GraphQL Requests

CVE-2025-3601 MEDIUM

GitLab 8.15-18.1.4, 18.2-18.2.4, 18.3-18.3.0 - Authenticated Denial of Service via Large URL Response

CVE-2025-2246 MEDIUM

GitLab < 18.1.5, 18.2 < 18.2.5, 18.3 < 18.3.1 - Unauthenticated Sensitive CI/CD Variable Exposure via GraphQL API

CVE-2025-8770 MEDIUM

GitLab 18.0-18.0.6, 18.1-18.1.4, 18.2-18.2.2 - Merge Request Approval Policy Bypass

CVE-2025-7739 HIGH

GitLab 18.2.0-18.2.1 - Authenticated Stored Cross-Site Scripting in Scoped Label Descriptions

CVE-2025-7734 HIGH

GitLab CE/EE <18.0.6-18.2.2 - Code Injection

CVE-2025-6186 HIGH

GitLab 18.1-18.1.4 and 18.2-18.2.2 - Authenticated Account Takeover via Work Item Name HTML Injection

CVE-2025-5819 MEDIUM

GitLab CE/EE <18.0.6-18.2.2 - Info Disclosure

CVE-2025-2937 MEDIUM

GitLab 13.2-18.0.5, 18.1-18.1.3, 18.2-18.2.1 - Authenticated Denial of Service via Wiki Markdown Payload

CVE-2025-2614 MEDIUM

GitLab 11.6-18.0.5, 18.1-18.1.3, 18.2-18.2.1 - Authenticated Denial of Service via Resource Exhaustion

CVE-2025-2498 LOW

Gitlab EE <18.0.6-18.2.2 - Auth Bypass

CVE-2025-1477 MEDIUM

GitLab 8.14-18.0.5, 18.1-18.1.3, 18.2-18.2.1 - Unauthenticated Denial of Service via Integration API Endpoints

Previous Page 7 of 56 Next

Products

gitlab 1,368 GitLab 108 gitlab-shell 5 dynamic_application_security_testing_analyzer 4 runner 3 gitlab-vscode-extension 2 GitLab AI Gateway 1 dast_api_scanner 1 gitaly 1 gitlab_runner 1 language_server 1 omnibus 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy