24 matches found
CVE-2025-10497 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads...
CVE-2025-10004
CVE-2025-10004 affects GitLab CE/EE versions 13.12 through 18.2.8, 18.3 through 18.3.4, and 18.4 through 18.4.2. The issue allows crafted GraphQL queries to request large repository blobs, potentially making a GitLab instance unresponsive or severely degraded. A remediation has been released; Git...
PT-2025-29075 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 18.0 through 18.0.3 GitLab EE versions 18.1 through 18.1.1 Description: An issue allows authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests. Recommendations: Update t...
PT-2025-29076 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.11 through 17.11.5 GitLab CE/EE versions 18.0 through 18.0.3 GitLab CE/EE versions 18.1 through 18.1.1 Description: An issue has been discovered in GitLab CE/EE that, under certain conditions, could allow an attacker ...
BIT-GITLAB-2025-0673 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition...
CVE-2025-0673 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition...
CVE-2024-12093 Improper Validation of Consistency within Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...
PT-2025-17706 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 16.6 through 17.9.7 GitLab EE/CE versions 17.10 through 17.10.5 GitLab EE/CE versions 17.11 through 17.11.1 Description: An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing...
CVE-2024-12619 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects...
BIT-GITLAB-2025-0475 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances...
GHSA-RWW2-M274-8F9V vulnerabilities
Vulnerabilities for packages: gitlab-runner-fips, gitlab-cng-fips...
CVE-2025-0376 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page...
CVE-2022-2931
A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage...
CVE-2022-0244
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file...
CVE-2024-9631 Inefficient Algorithmic Complexity in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow...
PT-2025-1086 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.7 through 17.5.5 GitLab CE/EE versions 17.6 through 17.6.3 GitLab CE/EE versions 17.7 through 17.7.1 Description: An issue was discovered in GitLab CE/EE that allows a denial of service DoS by creating cyclic referenc...
PT-2024-10156 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.0 through 17.4.6 GitLab CE/EE versions 17.5 through 17.5.4 GitLab CE/EE versions 17.6 through 17.6.2 Description: The issue is related to the GraphQL Mutation Handler component of the GitLab platform, which can lead t...
PT-2024-33781 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.1.0 through 16.11.4 GitLab CE/EE versions 17.0.0 through 17.0.2 GitLab CE/EE versions 17.1.0 Description: An issue has been discovered in GitLab CE/EE that allowed for a CSRF attack on GitLab's GraphQL API, leading to...
PT-2023-10698 · Slack +1 · Slack +2
Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.7 and earlier, 11.2.x through 11.2.3, 11.3.x through 11.3.0 Description: The issue is related to Cross Site Request Forgery CSRF in the Slack integration for issuing slash commands. This...
CVE-2022-3285
Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab...