← Back

Gitlab

gitlab

1,402 CVEs • 11 products

Products (11)

Click to collapse
Toggle
Gitlab
gitlab
1,387 CVEs
Gitlab Shell
gitlab-shell
5 CVEs
Dynamic Application Security Testing Analyzer
dynamic_application_security_testing_analyzer
4 CVEs
Runner
runner
3 CVEs
Gitlab Vscode Extension
gitlab-vscode-extension
2 CVEs
Omnibus
omnibus
1 CVE
Gitaly
gitaly
1 CVE
Gitlab Runner
gitlab_runner
1 CVE
Dast Api Scanner
dast_api_scanner
1 CVE
\
1 CVE
Language Server
language_server
1 CVE

CVEs (1,402)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-5195
1Gitlab
1Gitlab
Aug 8, 2025
Jun 12, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance framework...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure.Show less
CVE-2025-0673
1Gitlab
1Gitlab
Aug 8, 2025
Jun 12, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.Show less
CVE-2025-5996
1Gitlab
1Gitlab
Aug 8, 2025
Jun 12, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.Show less
CVE-2025-4278
1Gitlab
1Gitlab
Aug 8, 2025
Jun 12, 2025
N/A· v4
8.7 HIGH· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover.
CVE-2025-2254
1Gitlab
1Gitlab
Aug 8, 2025
Jun 12, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks.Show less
CVE-2025-1516
1Gitlab
1Gitlab
Aug 8, 2025
Jun 12, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of se...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.Show less
CVE-2025-1478
1Gitlab
1Gitlab
Aug 8, 2025
Jun 12, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of s...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.Show less
CVE-2025-1763
1Gitlab
1Gitlab
Aug 8, 2025
May 30, 2025
N/A· v4
8.7 HIGH· v3
N/A· v2
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.1...Show more
An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.Show less
CVE-2024-9163
1Gitlab
1Gitlab
Aug 8, 2025
May 23, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.
CVE-2024-7803
1Gitlab
1Gitlab
Aug 8, 2025
May 23, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.
CVE-2025-0993
1Gitlab
1Gitlab
May 29, 2025
May 22, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhau...Show more
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.Show less
CVE-2025-0679
1Gitlab
1Gitlab
May 29, 2025
May 22, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.Show less
CVE-2025-0605
1Gitlab
1Gitlab
May 29, 2025
May 22, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authenticat...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.Show less
CVE-2024-12093
1Gitlab
1Gitlab
Aug 8, 2025
May 22, 2025
N/A· v4
6.8 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requiremen...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.Show less
CVE-2025-4979
1Gitlab
1Gitlab
Aug 8, 2025
May 22, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author)...Show more
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.Show less
CVE-2025-3111
1Gitlab
1Gitlab
May 29, 2025
May 22, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenti...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..Show less
CVE-2025-2853
1Gitlab
1Gitlab
May 29, 2025
May 22, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial...Show more
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.Show less
CVE-2025-1110
1Gitlab
1Gitlab
May 29, 2025
May 22, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.
CVE-2025-1278
1Gitlab
1Gitlab
Aug 8, 2025
May 9, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sen...Show more
An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.Show less
CVE-2025-0549
1Gitlab
1Gitlab
Aug 8, 2025
May 9, 2025
N/A· v4
6.8 MEDIUM· v3
N/A· v2
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass De...Show more
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.Show less