5 matches found

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-31329

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.001
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/27 12:00 a.m., 2 views

PT-2025-39734

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 11.10 through 18.2.7; GitLab EE/CE versions 18.3 through 18.3.3; GitLab EE/CE versions 18.4 through 18.4.1. Description: A denial of service issue exists in GraphQL endpoints within GitLab EE/CE. This allows unauthenticated...

CVSS 7.5 | AI score 6.6 | EPSS 0.00162
Exploits: 0 | References: 10

OSV
added 2025/06/20 7:15 p.m., 0 views

UBUNTU-CVE-2024-4994

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL...

CVSS 8.1 | AI score 6 | EPSS 0.00093
Exploits: 1 | References: 4

Rapid7 Blog
added 2022/03/03 5:01 p.m., 108 views

CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)

On February 25, 2022, GitLab published a fix for CVE-2021-4191, which is an instance of CWE-359, "Exposure of Private Personal Information to an Unauthorized Actor." The now-patched vulnerability affected GitLab versions since 13.0. The vulnerability is the result of a missing authentication chec...

AI score 5.7 | EPSS 0.92377
Exploits: 4

OSV
added 2021/11/05 12:15 a.m., 0 views

UBUNTU-CVE-2021-39904

An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestion...

CVSS 4.3 | AI score 5.8 | EPSS 0.00121
Exploits: 1 | References: 2