gitlab
1,423 tracked vulnerabilities.
CVE-2025-11865
MEDIUM
GitLab 18.1-18.3.6, 18.4-18.4.4, 18.5-18.5.2 - Incorrect Authorization
Nov 15, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-11702
HIGH
GitLab 17.1.0-18.3.4, 18.4.0-18.4.2, 18.5.0 - Authenticated Project Runner Hijacking via Missing Authorization
Oct 29, 2025
CVSS 8.5
EPSS 0.01
CVE-2025-6601
LOW
GitLab EE <18.4.3-18.5.1 - Privilege Escalation
Oct 27, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-11989
LOW
GitLab 17.6.0-18.3.4, 18.4-18.4.2, 18.5 - Authenticated Missing Authorization via Quick Action Command Injection
Oct 27, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-11974
MEDIUM
GitLab 11.7-18.3.4, 18.4-18.4.2, 18.5 - Unauthenticated Denial of Service via Large File Upload
Oct 27, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-11971
MEDIUM
GitLab 10.6.0-18.3.4, 18.4.0-18.4.2, 18.5.0 - Authenticated Unauthorized Pipeline Execution via Commit Manipulation
Oct 27, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-11447
HIGH
GitLab 11.0-18.3.4, 18.4.0-18.4.2, 18.5.0 - Unauthenticated Denial of Service via Crafted GraphQL JSON Payloads
Oct 27, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-10497
HIGH
GitLab 17.10-18.3.4, 18.4-18.4.2, 18.5 - Unauthenticated Denial of Service via Crafted Payloads
Oct 27, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-2934
MEDIUM
GitLab 5.2-18.2.7, 18.3-18.3.3, 18.4-18.4.1 - Authenticated Denial of Service via Malicious Webhook Endpoint
Oct 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-11340
HIGH
GitLab EE <18.3.4-18.4.2 - Privilege Escalation
Oct 09, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-10004
HIGH
GitLab 13.12-18.2.8, 18.3-18.3.4, 18.4-18.4.2 - Denial of Service via Crafted GraphQL Queries
Oct 09, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-8014
HIGH
GitLab 11.10-18.2.6, 18.3-18.3.2, 18.4-18.4.0 - Unauthenticated Denial of Service via GraphQL Query Complexity Bypass
Sep 27, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-5069
LOW
GitLab CE/EE <18.2.7-18.4.1 - Privilege Escalation
Sep 26, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-11042
MEDIUM
GitLab 17.2-18.2.6, 18.3-18.3.2, 18.4 - Denial of Service via GraphQL Query
Sep 26, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-10868
LOW
GitLab CE/EE <18.2.7-18.4.1 - Info Disclosure
Sep 26, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-9958
HIGH
GitLab CE/EE <18.2.7-18.4.1 - Info Disclosure
Sep 26, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-9642
HIGH
GitLab 14.10-18.2.6, 18.3-18.3.2, 18.4 - Cross-Site Scripting
Sep 26, 2025
CVSS 8.7
EPSS 0.01
CVE-2025-7691
MEDIUM
GitLab EE <18.2.7-<18.3.3-<18.4.1 - Privilege Escalation
Sep 26, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-10871
LOW
GitLab EE 16.6-18.2.6, 18.3-18.3.2, 18.4 - Authenticated Privilege Escalation via Custom Role Assignment
Sep 26, 2025
CVSS 3.8
EPSS 0.00
CVE-2025-10867
LOW
GitLab 18.1-18.2.6, 18.3-18.3.2, 18.4-18.4.0 - Authenticated Denial of Service via GraphQL API
Sep 26, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-10858
HIGH
GitLab < 18.2.7, 18.3 < 18.3.3, 18.4 < 18.4.1 - Unauthenticated Denial of Service via Large JSON File Upload
Sep 26, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-7337
MEDIUM
GitLab 7.8-18.1.5, 18.2-18.2.5, 18.3-18.3.1 - Authenticated Denial of Service via Large File Upload
Sep 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-6769
MEDIUM
GitLab CE/EE <18.1.6-18.3.2 - Info Disclosure
Sep 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-6454
HIGH
GitLab 16.11-18.1.5, 18.2-18.2.5, 18.3-18.3.1 - Authenticated Server-Side Request Forgery via Proxy Request Injection
Sep 12, 2025
CVSS 8.5
EPSS 0.01
CVE-2025-2256
HIGH
GitLab 7.12-18.1.5, 18.2-18.2.5, 18.3-18.3.1 - Denial of Service via Large SAML Responses
Sep 12, 2025
CVSS 7.5
EPSS 0.00