EUVD-2024-46330

Malicious code in bioql PyPI...

EUVD-2022-34787

Malicious code in bioql PyPI...

Rejected reason: Maintainers have included reasons at https://gitlab.gnome.org/GNOME/libsoup/-/issues/465

...

Linux Distros Unpatched Vulnerability : CVE-2023-1787

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeou...

Linux Distros Unpatched Vulnerability : CVE-2021-22239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and later. CVE-2021-22239 Note that Nessus relies on the presence ...

BIT-GITLAB-2025-1299 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by...

CVE-2025-0765

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses...

BIT-GITLAB-2025-6168 Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...

CVE-2025-6168

An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level user invitation restrictions by sending crafted API requests...

BIT-GITLAB-2025-5846 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed...

BIT-GITLAB-2024-7586 Insertion of Sensitive Information into Log File in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 17.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, where webhook deletion audit log preserved auth credentials...

BIT-GITLAB-2023-5600 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-des...

CVE-2025-5121 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group...

BIT-GITLAB-2025-5982 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information...

CVE-2025-5195 Authorization Bypass Through User-Controlled Key in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure...

CVE-2025-1478

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service...

CVE-2025-2254

Removed by vendor...

CVE-2025-4278

Removed by vendor...

BIT-GITLAB-2025-4979 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables that they did not author in the WebUI, by simply creating their own variable and observing the HTTP...

BIT-GITLAB-2024-12093 Improper Validation of Consistency within Input in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions...