gitlab

1,423 tracked vulnerabilities.

CVE-2025-1250 MEDIUM
GitLab CE/EE <18.1.6-18.3.2 - Privilege Escalation
Sep 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-10094 MEDIUM
GitLab CE/EE <18.1.6-18.3.2 - Privilege Escalation
Sep 12, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-5101 MEDIUM
GitLab < 18.1.5, 18.2 < 18.2.5, 18.3 < 18.3.1 - Authenticated Code Injection via Branch/Tag Ambiguity
Aug 27, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-4225 MEDIUM
GitLab 14.1-18.1.4, 18.2-18.2.4, 18.3-18.3.0 - Unauthenticated Denial of Service via GraphQL Requests
Aug 27, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-3601 MEDIUM
GitLab 8.15-18.1.4, 18.2-18.2.4, 18.3-18.3.0 - Authenticated Denial of Service via Large URL Response
Aug 27, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2246 MEDIUM
GitLab < 18.1.5, 18.2 < 18.2.5, 18.3 < 18.3.1 - Unauthenticated Sensitive CI/CD Variable Exposure via GraphQL API
Aug 27, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-8770 MEDIUM
GitLab 18.0-18.0.6, 18.1-18.1.4, 18.2-18.2.2 - Merge Request Approval Policy Bypass
Aug 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-7739 HIGH
GitLab 18.2.0-18.2.1 - Authenticated Stored Cross-Site Scripting in Scoped Label Descriptions
Aug 13, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-7734 HIGH
GitLab CE/EE <18.0.6-18.2.2 - Code Injection
Aug 13, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-6186 HIGH
GitLab 18.1-18.1.4 and 18.2-18.2.2 - Authenticated Account Takeover via Work Item Name HTML Injection
Aug 13, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-5819 MEDIUM
GitLab CE/EE <18.0.6-18.2.2 - Info Disclosure
Aug 13, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-2937 MEDIUM
GitLab 13.2-18.0.5, 18.1-18.1.3, 18.2-18.2.1 - Authenticated Denial of Service via Wiki Markdown Payload
Aug 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2614 MEDIUM
GitLab 11.6-18.0.5, 18.1-18.1.3, 18.2-18.2.1 - Authenticated Denial of Service via Resource Exhaustion
Aug 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-2498 LOW
Gitlab EE <18.0.6-18.2.2 - Auth Bypass
Aug 13, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-1477 MEDIUM
GitLab 8.14-18.0.5, 18.1-18.1.3, 18.2-18.2.1 - Unauthenticated Denial of Service via Integration API Endpoints
Aug 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-8279 HIGH
GitLab Language Server 7.6.0-7.29.9 - Unauthenticated Arbitrary GraphQL Query Execution
Jul 28, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-7001 MEDIUM
GitLab CE/EE <18.0.5-18.2.1 - Privilege Escalation
Jul 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-4976 MEDIUM
GitLab EE <18.0.5-18.2.1 - Info Disclosure
Jul 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-1299 MEDIUM
GitLab 15.4-17.12, 18.0-18.0.4, 18.1-18.1.2, 18.2 - Unauthenticated Deployment Job Log Disclosure via Crafted Request
Jul 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-0765 MEDIUM
GitLab CE/EE <18.0.5-18.2.1 - Info Disclosure
Jul 24, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-4700 HIGH
GitLab 15.10-18.0.4, 18.1-18.1.2, 18.2-18.2.0 - Cross-Site Scripting
Jul 23, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-4439 HIGH
GitLab 15.10-17.12, 18.0-18.0.4, 18.1-18.1.2, 18.2-18.2.0 - Authenticated Cross-Site Scripting via CDN-Served Instance
Jul 23, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-6948 HIGH
GitLab 17.11.0-17.11.5, 18.0.0-18.0.3, 18.1.0-18.1.1 - Cross-Site Scripting
Jul 10, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-6168 LOW
GitLab 18.0.0-18.0.3 - Authenticated Group Invitation Restriction Bypass via Crafted API Requests
Jul 10, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-4972 LOW
GitLab 18.0.0-18.0.3 - Authenticated Invitation Restriction Bypass via Group Invitation Manipulation
Jul 10, 2025
CVSS 2.7
EPSS 0.00