21403 matches found

CVE
added 2026/03/25 4:35 p.m., 15 views

CVE-2025-13078

The vulnerability CVE-2025-13078 affects GitLab CE/EE, including versions 16.10 through 18.10.0 with published fixes. An authenticated user could trigger a denial of service by abusing resource consumption when processing specific webhook configuration inputs. Affected versions require upgrades t...

6.5 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/03/25 4:35 p.m., 3 views

CVE-2025-13078 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configurati...

6.5 CVSS, 5.8 AI score, 0.00029 EPSS
Exploits 0, References 3

CVE
added 2026/03/25 4:34 p.m., 13 views

CVE-2025-13436

GitLab CVE-2025-13436 affects GitLab CE/EE versions 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. An authenticated user could trigger a Denial of Service via excessive resource consumption when processing certain CI-related inputs. The issue is mitigated by patch releases: 18....

6.5 CVSS, 5.8 AI score, 0.00056 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/03/25 4:34 p.m., 18 views

CVE-2025-13436 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

6.5 CVSS, 0.00056 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/03/25 4:34 p.m., 2 views

CVE-2025-13436 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

6.5 CVSS, 5.8 AI score, 0.00056 EPSS
Exploits 0, References 3

Debian CVE
added 2026/03/25 4:34 p.m., 1 views

CVE-2025-13436

Removed by vendor...

6.5 CVSS, 5.8 AI score, 0.00056 EPSS
Exploits 0

Vulnrichment
added 2026/03/25 4:34 p.m., 1 views

CVE-2025-14595 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...

4.3 CVSS, 5.9 AI score, 0.00019 EPSS
Exploits 0, References 3

CVE
added 2026/03/25 4:34 p.m., 31 views

CVE-2025-14595

Summary of CVE-2025-14595 (GitLab): A vulnerability in GitLab Enterprise Edition (GitLab EE) allowed an authenticated user with the Planner role to view security category metadata and attributes in the group security configuration, due to insufficient access control. The issue affects GitLab EE ve...

4.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 3, Affected Software 1

Debian CVE
added 2026/03/25 4:34 p.m., 2 views

CVE-2025-14595

Removed by vendor...

4.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0

Cvelist
added 2026/03/25 4:34 p.m., 18 views

CVE-2025-14595 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security...

4.3 CVSS, 0.00019 EPSS
Exploits 0, References 3

Debian CVE
added 2026/03/25 4:34 p.m., 3 views

CVE-2026-1724

Removed by vendor...

7.5 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits 0

CVE
added 2026/03/25 4:34 p.m., 16 views

CVE-2026-1724

Summary: CVE-2026-1724 concerns GitLab Enterprise Edition where an improper access control vulnerability could allow an unauthenticated user to access API tokens for self-hosted AI models. The issue affects GitLab versions 18.5 up to 18.8.7, 18.9 up to 18.9.3, and 18.10 up to 18.10.1. Root cause ...

7.5 CVSS, 5.8 AI score, 0.00028 EPSS
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/03/25 4:34 p.m., 4 views

CVE-2026-2745 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

6.8 CVSS, 5.8 AI score, 0.00097 EPSS
Exploits 0, References 3

Debian CVE
added 2026/03/25 4:34 p.m., 2 views

CVE-2026-2745

Removed by vendor...

8.1 CVSS, 5.8 AI score, 0.00097 EPSS
Exploits 0

Cvelist
added 2026/03/25 4:34 p.m., 21 views

CVE-2026-2745 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

6.8 CVSS, 0.00097 EPSS
Exploits 0, References 3

ATTACKERKB
added 2026/03/25 4:34 p.m., 1 views

CVE-2026-2745

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

6.8 CVSS, 5.8 AI score, 0.00097 EPSS
Exploits 0, References 4, Affected Software 1

CVE
added 2026/03/25 4:34 p.m., 12 views

CVE-2026-2745

GitLab CVE-2026-2745 affects GitLab CE/EE versions 7.11 up to 18.8.7, 18.8.x before 18.8.7; 18.9 before 18.9.3; and 18.10 before 18.10.1. The issue allowed an unauthenticated user to bypass WebAuthn two‑factor authentication and gain unauthorized access to user accounts due to inconsistent input ...

8.1 CVSS, 5.8 AI score, 0.00097 EPSS
Exploits 0, References 3, Affected Software 1

ATTACKERKB
added 2026/03/25 4:34 p.m., 3 views

CVE-2026-2726

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 4, Affected Software 1

Cvelist
added 2026/03/25 4:34 p.m., 19 views

CVE-2026-2726 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during...

4.3 CVSS, 0.00019 EPSS
Exploits 0, References 3

CVE
added 2026/03/25 4:34 p.m., 58 views

CVE-2026-2726

GitLab CVE-2026-2726: An issue in GitLab CE/EE allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-repository operations. Affected versions were: 11.10 to before 18.8.7, 18.9 before 18.9.3, and 18.10 before 1...

4.3 CVSS, 5.8 AI score, 0.00019 EPSS
Exploits 0, References 3, Affected Software 1