GitLab CVE 脆弱性と CVE 一覧(1,414)

製品(CPE): — CVE 件数: 1,414

GitLab 脆弱性概要

GitLab 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

公開された問題は vendor risk cross-site scripting、パス処理の欠陥, and vendor risk ssrf に関連することが多く、vendor surface automation pipelines and vendor surface build workflows の文脈で vendor impact session compromise and ファイル上書き などの暴露リスクを伴う場合があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 141160 / 1414 CVE 件数
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-13761 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage. [email protected] 8.0 0.57% 2026-01-09 2026-06-29
CVE-2025-11246 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations. [email protected] 5.4 0.39% 2026-01-09 2026-06-17
CVE-2025-10569 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls. [email protected] 6.5 0.48% 2026-01-09 2026-06-17
CVE-2025-12734 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certain conditions, render content in dialogs to other users by injecting malicious HTML content into merge request titles. [email protected] 3.5 0.23% 2025-12-11 2026-06-17
CVE-2025-12029 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious external scripts into the Swagger UI." [email protected] 8.0 0.50% 2025-12-11 2026-06-17
CVE-2025-8405 GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays. [email protected] 7.7 0.49% 2025-12-11 2026-06-17
CVE-2025-4097 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted images. [email protected] 6.5 0.26% 2025-12-11 2026-06-17
CVE-2025-11984 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions. [email protected] 6.8 0.27% 2025-12-11 2026-06-17
CVE-2025-11247 GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries. [email protected] 4.3 0.21% 2025-12-11 2026-06-17
CVE-2025-14157 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters. [email protected] 6.5 0.27% 2025-12-10 2026-06-17
CVE-2025-13978 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover the names of private projects they do not have access through API requests. [email protected] 4.3 0.26% 2025-12-10 2026-06-17
CVE-2025-12716 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with malicious content. [email protected] 8.7 0.40% 2025-12-10 2026-06-17
CVE-2025-12562 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits. [email protected] 7.5 0.76% 2025-12-10 2026-06-17
CVE-2024-9183 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 prior to 18.4.5, 18.5 prior to 18.5.3, and 18.6 prior to 18.6.1 that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions. [email protected] 7.7 0.21% 2025-12-05 2026-06-17
CVE-2025-7449 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing. [email protected] 6.5 0.36% 2025-11-26 2026-06-17
CVE-2025-6195 GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration conditions. [email protected] 4.3 0.27% 2025-11-26 2026-06-17
CVE-2025-13611 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions. [email protected] 2.0 0.21% 2025-11-26 2026-06-17
CVE-2025-12653 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests. [email protected] 6.5 0.25% 2025-11-26 2026-06-17
CVE-2025-12571 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON payloads. [email protected] 7.5 0.44% 2025-11-26 2026-06-17
CVE-2025-9825 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API. [email protected] 5.0 0.30% 2025-11-21 2026-06-17
cvelogic Threat Intelligence