gitlab

1,383 tracked vulnerabilities.

CVE-2025-1478 MEDIUM
GitLab 8.13-17.10.6, 17.11-17.11.2, 18.0 - Denial of Service via Board Name Input
Jun 12, 2025
CVSS 6.5
EPSS 0.00

CVE-2025-1763 HIGH
GitLab 16.6-17.9.6, 17.10-17.10.4, 17.11 - Cross-Site Scripting and Content Security Policy Bypass
May 30, 2025
CVSS 8.7
EPSS 0.00

CVE-2025-0993 HIGH
GitLab < 17.10.7, 17.11 < 17.11.3, 18.0 < 18.0.1 - Authenticated Denial of Service via Resource Exhaustion
May 22, 2025
CVSS 7.5
EPSS 0.00

CVE-2025-0679 MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure
May 22, 2025
CVSS 4.3
EPSS 0.00

CVE-2025-0605 MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Auth Bypass
May 22, 2025
CVSS 4.6
EPSS 0.00

CVE-2025-4979 MEDIUM
GitLab CE/EE <17.10.7-18.0.1 - Info Disclosure
May 22, 2025
CVSS 4.9
EPSS 0.00

CVE-2025-3111 MEDIUM
GitLab 10.2-17.10.6, 17.11-17.11.2, 18.0 - Authenticated Denial of Service via Kubernetes Integration
May 22, 2025
CVSS 6.5
EPSS 0.00

CVE-2025-2853 MEDIUM
GitLab < 17.10.7, 17.11 < 17.11.3, 18.0 < 18.0.1 - Authenticated Denial of Service
May 22, 2025
CVSS 6.5
EPSS 0.00

CVE-2025-1110 LOW
GitLab 18.0 - Insufficient Granularity of Access Control via GraphQL Query
May 22, 2025
CVSS 2.7
EPSS 0.00

CVE-2025-1278 MEDIUM
GitLab CE/EE <17.9.8-17.11.2 - Auth Bypass
May 09, 2025
CVSS 5.3
EPSS 0.00

CVE-2025-0549 MEDIUM
GitLab CE/EE <17.9.8, <17.10.6, <17.11.2 - Auth Bypass
May 09, 2025
CVSS 6.8
EPSS 0.00

CVE-2025-1908 HIGH
GitLab EE/CE <17.9.7-17.11.1 - Info Disclosure
Apr 24, 2025
CVSS 7.7
EPSS 0.00

CVE-2025-0639 MEDIUM
GitLab 16.7-17.9.6, 17.10-17.10.4, 17.11 - Denial of Service via Issue Preview
Apr 24, 2025
CVSS 6.5
EPSS 0.00

CVE-2025-0362 MEDIUM
GitLab CE/EE <17.8.7-17.10.4 - CSRF
Apr 10, 2025
CVSS 6.4
EPSS 0.00

CVE-2025-2469 LOW
GitLab CE/EE <17.9.6, <17.10.4 - Info Disclosure
Apr 10, 2025
CVSS 3.7
EPSS 0.00

CVE-2025-2408 MEDIUM
GitLab CE/EE <17.8.7-17.10.4 - Auth Bypass
Apr 10, 2025
CVSS 5.3
EPSS 0.00

CVE-2025-1677 MEDIUM
GitLab < 17.8.7, 17.9 < 17.9.6, 17.10 < 17.10.4 - Denial of Service via CI Pipeline Export Payload Injection
Apr 10, 2025
CVSS 6.5
EPSS 0.00

CVE-2025-2867 MEDIUM
GitLab 17.8.0-17.8.5, 17.9.0-17.9.2, 17.10.0 - Unauthorized Sensitive Data Exposure via AI-Assisted Development Feature
Mar 27, 2025
CVSS 4.4
EPSS 0.00

CVE-2025-2255 HIGH
GitLab 13.5.0-17.8.5, 17.9.0-17.9.2, 17.10.0 - Cross-Site Scripting in AppSec Error Messages
Mar 27, 2025
CVSS 8.7
EPSS 0.00

CVE-2025-2242 HIGH
GitLab 17.4-17.8.5, 17.9-17.9.2, 17.10 - Incorrect Authorization
Mar 27, 2025
CVSS 7.5
EPSS 0.00

CVE-2025-0811 HIGH
GitLab 17.7-17.8.5, 17.9-17.9.2, 17.10 - Cross-Site Scripting via File Rendering
Mar 27, 2025
CVSS 8.7
EPSS 0.00

CVE-2025-1257 MEDIUM
GitLab 12.3.0-17.7.6, 17.8.0-17.8.4, 17.9.0-17.9.1 - Denial of Service via API Input Manipulation
Mar 13, 2025
CVSS 6.5
EPSS 0.00

CVE-2025-0652 MEDIUM
GitLab EE/CE <17.7.7-17.9.2 - Info Disclosure
Mar 13, 2025
CVSS 4.3
EPSS 0.00

CVE-2025-2045 MEDIUM
GitLab 17.7.0-17.7.5, 17.8.0-17.8.3, 17.9.0 - Incorrect Authorization
Mar 06, 2025
CVSS 4.3
EPSS 0.00

CVE-2025-1540 LOW
GitLab 17.5-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Incorrect Authorization for External Users
Mar 06, 2025
CVSS 3.1
EPSS 0.00