
5 matches found

Vulnrichment
added 2026/06/11 10:20 a.m., 7 views

CVE-2026-6552 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper...

CVSS 8.7, AI score 5.5, EPSS 0.00278
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-43160

Malicious code in bioql PyPI...

CVSS 4.3, AI score 4.7, EPSS 0.00426
Exploits 0, References 2
OSV
added 2025/07/30 4:21 p.m., 3 views

GHSA-652X-M2GR-HPPM OAuth2-Proxy's `--gitlab-group` GitLab Group Authorization config flag stopped working in v7.0.0

The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn't restricted. Additionally, any authenticated users had whichever groups were set in `--gitlab-group` added to the new...

CVSS 5.5, AI score 6.7, EPSS 0.00987
Exploits 0, References 7
CVE
added 2025/02/12 3:30 p.m., 303 views

CVE-2025-0516

CVE-2025-0516 affects GitLab CE/EE. The vulnerability is caused by improper authorization that allows users with limited permissions to perform unauthorized actions on critical project data. Affected versions are GitLab: 17.7 before 17.7.4 and 17.8 before 17.8.2; these are vulnerable, per the pro...

CVSS 4.3, AI score 4.4, EPSS 0.00276
Exploits 1, References 2, Affected Software 1
Cvelist
added 2021/03/24 4:42 p.m., 17 views

CVE-2021-22186

An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners...

CVSS 4.9, AI score 5, EPSS 0.00861
Exploits 0, References 2