gitlab

CVE-2025-8279 HIGH

GitLab Language Server 7.6.0-7.29.9 - Unauthenticated Arbitrary GraphQL Query Execution

Jul 28, 2025

CVSS 8.7

EPSS 0.00

CVE-2025-7001 MEDIUM

GitLab CE/EE <18.0.5-18.2.1 - Privilege Escalation

Jul 24, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-4976 MEDIUM

GitLab EE <18.0.5-18.2.1 - Info Disclosure

Jul 24, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-1299 MEDIUM

GitLab 15.4-17.12, 18.0-18.0.4, 18.1-18.1.2, 18.2 - Unauthenticated Deployment Job Log Disclosure via Crafted Request

Jul 24, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-0765 MEDIUM

GitLab CE/EE <18.0.5-18.2.1 - Info Disclosure

Jul 24, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-4700 HIGH

GitLab 15.10-18.0.4, 18.1-18.1.2, 18.2-18.2.0 - Cross-Site Scripting

Jul 23, 2025

CVSS 8.7

EPSS 0.00

CVE-2025-4439 HIGH

GitLab 15.10-17.12, 18.0-18.0.4, 18.1-18.1.2, 18.2-18.2.0 - Authenticated Cross-Site Scripting via CDN-Served Instance

Jul 23, 2025

CVSS 7.7

EPSS 0.00

CVE-2025-6948 HIGH

GitLab 17.11.0-17.11.5, 18.0.0-18.0.3, 18.1.0-18.1.1 - Cross-Site Scripting

Jul 10, 2025

CVSS 8.7

EPSS 0.00

CVE-2025-6168 LOW

GitLab 18.0.0-18.0.3 - Authenticated Group Invitation Restriction Bypass via Crafted API Requests

Jul 10, 2025

CVSS 2.7

EPSS 0.00

CVE-2025-4972 LOW

GitLab 18.0.0-18.0.3 - Authenticated Invitation Restriction Bypass via Group Invitation Manipulation

Jul 10, 2025

CVSS 2.7

EPSS 0.00

CVE-2025-3396 MEDIUM

GitLab EE <17.11.6, <18.0.4, <18.1.2 - Auth Bypass

Jul 10, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-5846 LOW

GitLab EE <17.11.5-18.1.1 - Privilege Escalation

Jun 26, 2025

CVSS 2.7

EPSS 0.00

CVE-2025-5315 MEDIUM

GitLab 17.2-17.11.5, 18.0-18.0.3, 18.1-18.1.1 - Authenticated Missing Authorization via Crafted API Requests

Jun 26, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-3279 MEDIUM

GitLab 10.7-17.11.4, 18.0-18.0.2, 18.1 - Authenticated Denial of Service via Crafted GraphQL Requests

Jun 26, 2025

CVSS 6.5

EPSS 0.00

CVE-2025-2938 LOW

GitLab CE/EE <17.11.5, <18.0.3, <18.1.1 - Privilege Escalation

Jun 26, 2025

CVSS 3.1

EPSS 0.00

CVE-2025-1754 MEDIUM

GitLab CE/EE <17.11.5, <18.0.3, <18.1.1 - Unauthenticated File Upload

Jun 26, 2025

CVSS 5.3

EPSS 0.00

CVE-2025-5121 HIGH

GitLab 17.11.0-17.11.3 and 18.0.0-18.0.1 - Missing Authorization in Compliance Framework Application

Jun 20, 2025

CVSS 8.5

EPSS 0.00

CVE-2025-2443 HIGH

GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass

Jun 20, 2025

CVSS 8.7

EPSS 0.00

CVE-2025-5982 LOW

GitLab EE <17.10.8-18.0.2 - Auth Bypass

Jun 12, 2025

CVSS 3.7

EPSS 0.00

CVE-2025-5195 MEDIUM

GitLab 17.9-17.10.6, 17.11-17.11.2, 18.0 - Authenticated Authorization Bypass via Compliance Framework Access

Jun 12, 2025

CVSS 4.3

EPSS 0.00

CVE-2025-0673 HIGH

GitLab CE/EE <17.10.8-18.0.2 - Open Redirect

Jun 12, 2025

CVSS 7.5

EPSS 0.00

CVE-2025-5996 MEDIUM

GitLab 2.1.0-17.10.7, 17.11.0-17.11.3, 18.0.0-18.0.1 - DoS via HTTP Response Input Validation Bypass

Jun 12, 2025

CVSS 6.5

EPSS 0.00

CVE-2025-4278 HIGH

GitLab 18.0.0-18.0.1 - HTML Injection in New Search Page

Jun 12, 2025

CVSS 8.7

EPSS 0.00

CVE-2025-2254 HIGH

GitLab 17.9-17.10.8, 17.11-17.11.4, 18.0-18.0.2 - Cross-Site Scripting in Snippet Viewer

Jun 12, 2025

CVSS 8.7

EPSS 0.00

CVE-2025-1516 MEDIUM

GitLab 8.7-17.10.7, 17.11-17.11.3, 18.0-18.0.1 - Denial of Service via Token Name Input Validation

Jun 12, 2025

CVSS 6.5

EPSS 0.00