3121 matches found
Vulnerabilities fixed in GitLab EE & CE
GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions before 18.2.7, 18.3.3, and 18.4.1. The vulnerabilities include allowing authenticated users to access confidential information by creating projects with the same name as the victim, and gaining unauthorized access to...
CVE-2025-8014
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption...
CVE-2025-8014 Allocation of Resources Without Limits or Throttling in GitLab
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption...
CVE-2025-8014
CVE-2025-8014 affects GitLab CE/EE where unauthenticated users could bypass query complexity limits on GraphQL endpoints, potentially causing resource exhaustion and DoS. Affected versions include GitLab 11.10 up to 18.2.7, 18.3 up to 18.3.3, and 18.4 up to 18.4.1. The vulnerability stems from un...
CVE-2025-8014 Allocation of Resources Without Limits or Throttling in GitLab
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption...
CVE-2025-8014 Allocation of Resources Without Limits or Throttling in GitLab
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption...
CVE-2025-8014
Removed by vendor...
CVE-2025-10867
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests...
CVE-2025-11042
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service DoS condition while using specific GraphQL queries...
PT-2025-39734
Name of the Vulnerable Software and Affected Versions GitLab EE/CE versions 11.10 through 18.2.7 GitLab EE/CE versions 18.3 through 18.3.3 GitLab EE/CE versions 18.4 through 18.4.1 Description A denial of service issue exists in GraphQL endpoints within GitLab EE/CE. This allows unauthenticated...
CVE-2025-59845
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...
Exploit for CVE-2025-55817
This is a PoC exploit for CVE-2025-55817, a Stored Cross Site Sc...
Cross-site Request Forgery (CSRF)
Overview @apollo/sandbox is a This repo hosts the source for Apollo Studio's Embeddable Sandbox Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via missing origin validation in the window.postMessage process. An attacker can execute unauthorized GraphQL queries...
CVE-2025-11042
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service DoS condition while using specific GraphQL queries...
CVE-2025-11042 Allocation of Resources Without Limits or Throttling in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service DoS condition while using specific GraphQL queries...
CVE-2025-11042 Allocation of Resources Without Limits or Throttling in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service DoS condition while using specific GraphQL queries...
CVE-2025-11042 Allocation of Resources Without Limits or Throttling in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service DoS condition while using specific GraphQL queries...
CVE-2025-11042
Summary (CVE-2025-11042) : GitLab CE/ EE suffers a DoS-style flaw where specific GraphQL queries can cause uncontrolled CPU consumption across affected versions: 17.2–before 18.2.7, 18.3–before 18.3.3, and 18.4–before 18.4.1. The issue is linked to resource management during GraphQL handling and ...