Filtered by vendor Gitlab
Subscriptions
Total
1226 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2256 | 1 Gitlab | 1 Gitlab | 2025-09-15 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses. | ||||
| CVE-2025-6454 | 1 Gitlab | 1 Gitlab | 2025-09-15 | 8.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. | ||||
| CVE-2025-1250 | 1 Gitlab | 1 Gitlab | 2025-09-15 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes. | ||||
| CVE-2025-10094 | 1 Gitlab | 1 Gitlab | 2025-09-15 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names. | ||||
| CVE-2025-6769 | 1 Gitlab | 1 Gitlab | 2025-09-15 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces. | ||||
| CVE-2025-7337 | 1 Gitlab | 1 Gitlab | 2025-09-15 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by uploading large files. | ||||
| CVE-2025-2246 | 1 Gitlab | 1 Gitlab | 2025-09-02 | 5.8 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API. | ||||
| CVE-2025-3601 | 1 Gitlab | 1 Gitlab | 2025-09-02 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses. | ||||
| CVE-2025-4225 | 1 Gitlab | 1 Gitlab | 2025-09-02 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially crafted GraphQL requests. | ||||
| CVE-2025-5101 | 1 Gitlab | 1 Gitlab | 2025-09-02 | 5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambiguity between branches and tags during repository imports. | ||||
| CVE-2025-5819 | 1 Gitlab | 1 Gitlab | 2025-08-29 | 5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances. | ||||
| CVE-2024-10925 | 1 Gitlab | 1 Gitlab | 2025-08-26 | 5.3 Medium |
| A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML | ||||
| CVE-2025-8770 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 6.5 Medium |
| An issue has been discovered in GitLab EE affecting all versions from 18.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that could have allowed authenticated users with specific access to bypass merge request approval policies by manipulating approval rule identifiers. | ||||
| CVE-2025-7739 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions. | ||||
| CVE-2025-7734 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content. | ||||
| CVE-2025-6186 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names. | ||||
| CVE-2025-2937 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature. | ||||
| CVE-2025-2614 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed. | ||||
| CVE-2025-2498 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 3.1 Low |
| An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions. | ||||
| CVE-2025-1477 | 1 Gitlab | 1 Gitlab | 2025-08-15 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints. | ||||