CVE-2025-4225

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially...

BIT-GITLAB-2025-4225 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially...

BIT-GITLAB-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

Linux Distros Unpatched Vulnerability : CVE-2021-22209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted i...

Linux Distros Unpatched Vulnerability : CVE-2025-1110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could...

Linux Distros Unpatched Vulnerability : CVE-2020-13317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a...

Linux Distros Unpatched Vulnerability : CVE-2021-39904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3...

Linux Distros Unpatched Vulnerability : CVE-2020-13334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality...

@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +17 more potentially affected by CVE-2025-4643 +1 more via @payloadcms/graphql (>=3.0.0-alpha.0 <=3.44.0-internal.6b79dc2)

@payloadcms/graphql NPM version =3.0.0-alpha.0, =0.1.2, =0.1.0, =3.0.0, =3.2.0, =0.2.0, =3.0.0-beta.10, =1.0.1, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =1.0.3 and more Source cves: CVE-2025-4643, CVE-2025-4644 Source advisory: OSV:GHSA-26RV-H2HF-3FW4...

@anjy7/navbar-cms (=0.0.5), @contentql/core (>=0.1.2 <=0.3.5) +17 more potentially affected by CVE-2025-4643 via @payloadcms/graphql (>=3.0.0-alpha.0 <=3.44.0-internal.6b79dc2)

@payloadcms/graphql NPM version =3.0.0-alpha.0, =0.1.2, =0.1.0, =3.0.0, =3.2.0, =0.2.0, =3.0.0-beta.10, =1.0.1, =0.1.0, =0.1.4, =1.0.0, =0.0.5, =0.0.1, =0.0.9-alpha.5, =0.0.5, =1.0.3 and more Source cves: CVE-2025-4643 Source advisory: OSV:GHSA-5V66-M237-HWF7...

CVE-2025-4225

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially...

CVE-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVE-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVE-2025-2246 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API...

CVE-2025-2246

Technical details about CVE-2025-2246 are not publicly provided in the connected documents; no confirmed affected products, versions, or fixes are documented here. Monitor for updates.

CVE-2025-2246

Removed by vendor...

CVE-2025-4225

Removed by vendor...

CVE-2025-4225

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2025-4225 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially...

PT-2025-34931 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions prior to 18.3.1 Description: An issue exists in GitLab CE/EE that allows unauthenticated users to access sensitive manual CI/CD variables by...