957 matches found
CVE-2021-22232
HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE...
CVE-2021-39880
A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted...
CVE-2020-13277
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5...
CVE-2020-26407
A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project...
CVE-2020-13358
A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: =13.4, =13.3, =13.5, 13.5.2...
CVE-2025-0605
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements...
PT-2025-22489 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.1 through 17.10.6 GitLab CE/EE versions 17.11 through 17.11.2 GitLab CE/EE versions 18.0 through 18.0.0 Description: An issue has been discovered in GitLab CE/EE where under certain conditions, unauthorized users can...
PT-2025-22482 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.0 through 18.0.0 Description: An issue has been discovered in GitLab CE/EE where a user with limited permissions could access Job Data via a crafted GraphQL query in certain circumstances. Recommendations: For GitLab...
PT-2025-22479 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 17.10.7 GitLab CE/EE version 17.11 prior to 17.11.3 GitLab CE/EE version 18.0 prior to 18.0.1 Description: An issue has been discovered in GitLab CE/EE that allows an attacker to reveal masked or hidden CI...
PT-2025-22488 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.8 through 17.10.6 GitLab CE/EE versions 17.11 through 17.11.2 GitLab CE/EE versions 18.0 through 18.0.0 Description: An issue has been discovered in GitLab CE/EE, where group access controls could allow certain users ...
PT-2025-22486 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.1 through 17.10.6 GitLab CE/EE versions 17.11 through 17.11.2 GitLab CE/EE versions 18.0 through 18.0.0 Description: An issue has been discovered in GitLab CE/EE, where improper XPath validation allows a modified SAML...
PT-2025-22477 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.2 through 17.10.6 GitLab CE/EE versions 17.11 through 17.11.2 GitLab CE/EE versions 18.0 through 18.0.0 Description: An issue has been discovered in GitLab CE/EE due to a lack of input validation in the Kubernetes...
PT-2025-22459 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 17.10.7 GitLab CE/EE version 17.11 prior to 17.11.3 GitLab CE/EE version 18.0 prior to 18.0.1 Description: An issue has been discovered in GitLab CE/EE that could allow an authenticated attacker to cause a denia...
PT-2025-20571 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.1 through 17.9.7 GitLab CE/EE versions 17.10 through 17.10.5 GitLab CE/EE versions 17.11 through 17.11.1 Description: An issue has been discovered in GitLab CE/EE that could cause a Denial of Service DoS condition. Th...
PT-2025-20573 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.0 through 17.9.7 GitLab CE/EE versions 17.10 through 17.10.5 GitLab CE/EE versions 17.11 through 17.11.1 Description: An issue has been discovered in GitLab CE/EE that allows users to bypass IP access restrictions and...
PT-2025-20572 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.3 through 17.9.7 GitLab CE/EE versions 17.10 through 17.10.5 GitLab CE/EE versions 17.11 through 17.11.1 Description: An issue has been discovered in GitLab CE/EE that allows attackers to bypass Device OAuth flow...
CVE-2025-0639
An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...
PT-2025-17705 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.7 through 17.9.7 GitLab CE/EE versions 17.10 through 17.10.5 GitLab CE/EE versions 17.11 through 17.11.1 Description: An issue has been discovered affecting service availability via issue preview in GitLab CE/EE. The...
CVE-2025-2469 Debug Messages Revealing Unnecessary Information in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users...
CVE-2025-1677
CVE-2025-1677 is a DoS in GitLab CE/EE causing denial of service when oversized payloads are injected into CI pipeline exports. Affected versions: all up to 17.8.7, 17.9 prior to 17.9.6, and 17.10 prior to 17.10.4. Remediation: upgrade to GitLab 17.9.6 or 17.10.4 or later (per provided details). ...