gitlab
1,423 tracked vulnerabilities.
CVE-2025-11246
MEDIUM
GitLab CE/EE <18.5.5-18.7.1 - Privilege Escalation
Jan 09, 2026
CVSS 5.4
EPSS 0.00
CVE-2025-10569
MEDIUM
GitLab 8.3-18.5.5, 18.6-18.6.3, 18.7-18.7.1 - Authenticated Denial of Service via External API Response
Jan 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-12734
LOW
GitLab 15.6-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Cross-Site Scripting via Merge Request Title
Dec 11, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-12029
HIGH
GitLab 15.11-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Unauthenticated Cross-Site Scripting in Swagger UI
Dec 11, 2025
CVSS 8.0
EPSS 0.01
CVE-2025-8405
HIGH
GitLab CE/EE <18.4.6-18.6.2 - Privilege Escalation
Dec 11, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-4097
MEDIUM
GitLab 11.10-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Denial of Service via Image Upload
Dec 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-11984
MEDIUM
GitLab CE/EE <18.4.6-18.6.2 - Auth Bypass
Dec 11, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-11247
MEDIUM
GitLab EE <18.4.6-18.6.2 - Info Disclosure
Dec 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-14157
MEDIUM
GitLab 6.3-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Denial of Service via Large API Content Parameters
Dec 11, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-13978
MEDIUM
GitLab 17.5-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Private Project Name Disclosure via API Requests
Dec 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-12716
HIGH
GitLab CE/EE <18.4.6-18.6.2 - Privilege Escalation
Dec 11, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-12562
HIGH
GitLab 11.10-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Unauthenticated Denial of Service via GraphQL Query Complexity Bypass
Dec 11, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-7449
MEDIUM
GitLab 8.3-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Authenticated Denial of Service via HTTP Response Processing
Nov 26, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-6195
MEDIUM
GitLab EE <18.4.5-18.6.1 - Info Disclosure
Nov 26, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-13611
LOW
GitLab 13.2-18.5.4 and 18.6-18.6.2 - Authenticated Sensitive Token Exposure via Log File Insertion
Nov 26, 2025
CVSS 2.0
EPSS 0.00
CVE-2025-12653
MEDIUM
GitLab CE/EE <18.4.5-18.6.1 - Info Disclosure
Nov 26, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-12571
HIGH
GitLab 17.10-18.4.5, 18.5-18.5.3, 18.6-18.6.1 - Unauthenticated Denial of Service via Malicious JSON Payloads
Nov 26, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-9825
MEDIUM
GitLab 13.7-18.2.8, 18.3-18.3.4, 18.4-18.4.2 - Authenticated Sensitive CI/CD Variable Exposure via GraphQL API
Nov 21, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-12983
LOW
GitLab 16.9-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Authenticated Denial of Service via Nested Markdown Formatting
Nov 15, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-7736
LOW
GitLab CE/EE <18.3.6-18.5.2 - Auth Bypass
Nov 15, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-7000
MEDIUM
GitLab CE/EE <18.3.6-18.5.2 - Info Disclosure
Nov 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-6945
LOW
GitLab 17.8-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Information Disclosure via Merge Request Comment Prompt Injection
Nov 15, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-6171
MEDIUM
GitLab 13.2-18.3.5, 18.4-18.4.3, 18.5-18.5.1 - Authenticated Missing Authorization via Packages API
Nov 15, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-2615
MEDIUM
GitLab <18.3.6-18.5.2 - Info Disclosure
Nov 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-11990
LOW
GitLab 18.4.0-18.4.3 & 18.5.0-18.5.1 CSRF Token Exposure via Input Validation Bypass
Nov 15, 2025
CVSS 3.1
EPSS 0.00