GitLab CVE Vulnerabilities & CVE List (1,422)

Products (CPE): — CVEs: 1,422

GitLab vulnerability overview

Aggregates CVE and security vulnerability intelligence across all GitLab-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting, vendor risk path handling, and vendor risk ssrf and related problems; some flaws may lead to vendor impact session compromise and vendor impact file overwrite.

Vulnerability distribution trend (last 24 months)

Showing 141160 of 1422 CVEs
«« First « Prev Page 8 / 72 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-13928 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints. [email protected] 7.5 0.71% 2026-01-22 2026-06-17
CVE-2025-13927 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data. [email protected] 7.5 0.85% 2026-01-22 2026-06-17
CVE-2025-13335 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that bypass cycle detection. [email protected] 6.5 0.52% 2026-01-22 2026-06-17
CVE-2025-11224 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality. [email protected] 7.7 0.31% 2026-01-14 2026-06-17
CVE-2025-9222 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. [email protected] 8.7 0.35% 2026-01-09 2026-06-29
CVE-2025-3950 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection. [email protected] 3.5 0.23% 2026-01-09 2026-06-17
CVE-2025-13781 GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. [email protected] 6.5 0.41% 2026-01-09 2026-06-17
CVE-2025-13772 GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests. [email protected] 7.1 0.39% 2026-01-09 2026-06-29
CVE-2025-13761 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage. [email protected] 8.0 0.57% 2026-01-09 2026-06-29
CVE-2025-11246 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations. [email protected] 5.4 0.39% 2026-01-09 2026-06-17
CVE-2025-10569 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls. [email protected] 6.5 0.48% 2026-01-09 2026-06-17
CVE-2025-12734 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to, under certain conditions, render content in dialogs to other users by injecting malicious HTML content into merge request titles. [email protected] 3.5 0.23% 2025-12-11 2026-06-17
CVE-2025-12029 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious external scripts into the Swagger UI." [email protected] 8.0 0.50% 2025-12-11 2026-06-17
CVE-2025-8405 GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays. [email protected] 7.7 0.49% 2025-12-11 2026-06-17
CVE-2025-4097 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted images. [email protected] 6.5 0.26% 2025-12-11 2026-06-17
CVE-2025-11984 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions. [email protected] 6.8 0.27% 2025-12-11 2026-06-17
CVE-2025-11247 GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries. [email protected] 4.3 0.21% 2025-12-11 2026-06-17
CVE-2025-14157 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a Denial of Service condition by sending crafted API calls with large content parameters. [email protected] 6.5 0.27% 2025-12-10 2026-06-17
CVE-2025-13978 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover the names of private projects they do not have access through API requests. [email protected] 4.3 0.26% 2025-12-10 2026-06-17
CVE-2025-12716 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by creating wiki pages with malicious content. [email protected] 8.7 0.40% 2025-12-10 2026-06-17
«« First « Prev Page 8 / 72 Next »
cvelogic Threat Intelligence