GitLab CVE Vulnerabilities & CVE List (1,421)

Products (CPE): — CVEs: 1,421

GitLab vulnerability overview

Aggregates CVE and security vulnerability intelligence across all GitLab-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting, vendor risk path handling, and vendor risk ssrf and related problems; some flaws may lead to vendor impact session compromise and vendor impact file overwrite.

Vulnerability distribution trend (last 24 months)

Showing 121140 of 1421 CVEs
«« First « Prev Page 7 / 72 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-14103 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions. [email protected] 4.3 0.19% 2026-02-25 2026-06-17
CVE-2026-1458 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files. [email protected] 6.5 0.36% 2026-02-11 2026-06-17
CVE-2026-1456 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview. [email protected] 6.5 0.36% 2026-02-11 2026-06-17
CVE-2026-1387 GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQl. [email protected] 6.5 0.29% 2026-02-11 2026-06-17
CVE-2026-1282 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles. [email protected] 3.5 0.16% 2026-02-11 2026-06-17
CVE-2026-1094 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI. [email protected] 4.6 0.16% 2026-02-11 2026-06-17
CVE-2026-1080 GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint. [email protected] 4.3 0.19% 2026-02-11 2026-06-17
CVE-2026-0958 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits. [email protected] 7.5 0.39% 2026-02-11 2026-06-17
CVE-2026-0595 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test case titles. [email protected] 7.3 0.22% 2026-02-11 2026-06-17
CVE-2025-8099 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries. [email protected] 7.5 0.40% 2026-02-11 2026-06-17
CVE-2025-7659 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE. [email protected] 8.0 0.18% 2026-02-11 2026-06-17
CVE-2025-14594 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API. [email protected] 3.5 0.16% 2026-02-11 2026-06-17
CVE-2025-14592 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. [email protected] 3.7 0.25% 2026-02-11 2026-06-17
CVE-2025-14560 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow. [email protected] 7.3 0.22% 2026-02-11 2026-06-17
CVE-2025-12575 GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. [email protected] 5.4 0.16% 2026-02-11 2026-06-17
CVE-2025-12073 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. [email protected] 4.3 0.23% 2026-02-11 2026-06-17
CVE-2026-1751 A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions. [email protected] 3.1 0.18% 2026-02-02 2026-06-17
CVE-2026-1102 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests. [email protected] 5.3 0.54% 2026-01-22 2026-06-17
CVE-2026-0723 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses. [email protected] 7.4 0.83% 2026-01-22 2026-06-17
CVE-2025-13928 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints. [email protected] 7.5 0.71% 2026-01-22 2026-06-17
«« First « Prev Page 7 / 72 Next »
cvelogic Threat Intelligence