PT-2025-26937 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.7 through 17.11.5 GitLab CE/EE versions 18.0 through 18.0.3 GitLab CE/EE versions 18.1 through 18.1.1 Description: An issue has been discovered in GitLab CE/EE that could allow authenticated attackers to create a...
CVE-2025-5121
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...
CVE-2024-4025
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 before 16.11.5, 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page...
PT-2025-26452 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.10 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1 Description: A Denial of Service (DoS) condition exists in GitLab CE/EE. An attacker can cause a denial of service by...
CVE-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snippet viewer functionality led to Cross-Site Scripting attacks...
PT-2025-25286 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.13 through 17.10.7 GitLab CE/EE versions 17.11 through 17.11.3 GitLab CE/EE versions 18.0 through 18.0.1 Description: An issue has been discovered in GitLab CE/EE, where a lack of input validation in Board Names could ...
PT-2025-25291 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.9 through 17.10.6 GitLab CE/EE versions 17.11 through 17.11.2 GitLab CE/EE versions 18.0 through 18.0.0 Description: An issue has been discovered in GitLab CE/EE, allowing authenticated users to access arbitrary...
PT-2025-25287 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 8.7 through 17.10.8 GitLab CE/EE versions 17.11 through 17.11.4 GitLab CE/EE versions 18.0 through 18.0.2 Description: An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11...
PT-2025-25292 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.7 through 17.10.8 GitLab CE/EE versions 17.11 through 17.11.4 GitLab CE/EE versions 18.0 through 18.0.2 Description: An issue has been discovered in GitLab CE/EE that allows an attacker to trigger an infinite redirect...
PT-2025-25290 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 2.1.0 through 17.10.7 GitLab CE/EE versions 17.11 through 17.11.3 GitLab CE/EE versions 18.0 through 18.0.1 Description: An issue has been discovered in GitLab CE/EE, where a lack of input validation in HTTP responses...
PT-2025-25288 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.9 through 17.10.7 GitLab CE/EE versions 17.11 through 17.11.3 GitLab CE/EE versions 18.0 through 18.0.1 Description: The issue is related to improper output encoding in the snippet viewer functionality, leading to...
PT-2025-25289
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.0 through 18.0.2 Description: An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account...
CVE-2024-9163
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs...
CVE-2024-9163
Removed by vendor...
CVE-2025-0290
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...
CVE-2024-0231
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
CVE-2024-8179
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...
CVE-2024-11669
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes...
CVE-2023-6688
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server...
CVE-2023-3424
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the...