Filtered by vendor Gitlab
Subscriptions
Filtered by product Gitlab
Subscriptions
Total
1180 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2938 | 1 Gitlab | 1 Gitlab | 2025-06-27 | 3.1 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants. | ||||
| CVE-2025-5846 | 1 Gitlab | 1 Gitlab | 2025-06-26 | 2.7 Low |
| An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks. | ||||
| CVE-2025-1754 | 1 Gitlab | 1 Gitlab | 2025-06-26 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage. | ||||
| CVE-2025-5315 | 1 Gitlab | 1 Gitlab | 2025-06-26 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions. | ||||
| CVE-2025-3279 | 1 Gitlab | 1 Gitlab | 2025-06-26 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests. | ||||
| CVE-2023-1555 | 1 Gitlab | 1 Gitlab | 2025-06-26 | 2.7 Low |
| An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API. | ||||
| CVE-2023-4018 | 1 Gitlab | 1 Gitlab | 2025-06-25 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. | ||||
| CVE-2024-7586 | 1 Gitlab | 1 Gitlab | 2025-06-23 | 4.1 Medium |
| An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials. | ||||
| CVE-2024-4025 | 1 Gitlab | 1 Gitlab | 2025-06-23 | 6.5 Medium |
| A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page. | ||||
| CVE-2025-2443 | 1 Gitlab | 1 Gitlab | 2025-06-23 | 8.7 High |
| An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. | ||||
| CVE-2025-5121 | 1 Gitlab | 1 Gitlab | 2025-06-23 | 8.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group. | ||||
| CVE-2024-4994 | 1 Gitlab | 1 Gitlab | 2025-06-23 | 8.1 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations. | ||||
| CVE-2023-5600 | 1 Gitlab | 1 Gitlab | 2025-06-23 | 3.1 Low |
| An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template. | ||||
| CVE-2023-6955 | 1 Gitlab | 1 Gitlab | 2025-06-17 | 6.6 Medium |
| A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. | ||||
| CVE-2023-2030 | 1 Gitlab | 1 Gitlab | 2025-06-17 | 3.5 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. | ||||
| CVE-2025-5982 | 1 Gitlab | 1 Gitlab | 2025-06-16 | 3.7 Low |
| An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | ||||
| CVE-2025-1516 | 1 Gitlab | 1 Gitlab | 2025-06-12 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service. | ||||
| CVE-2025-0673 | 1 Gitlab | 1 Gitlab | 2025-06-12 | 7.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition. | ||||
| CVE-2024-9512 | 1 Gitlab | 1 Gitlab | 2025-06-12 | 5.3 Medium |
| An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync. | ||||
| CVE-2025-1478 | 1 Gitlab | 1 Gitlab | 2025-06-12 | 6.5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service. | ||||