CVE-2026-3988
GitLab CVE-2026-3988 affects GitLab CE/EE prior to 18.8.7, 18.9 prior to 18.9.3, and 18.10 prior to 18.10.1. The issue stems from improper input validation in GraphQL request processing, allowing an unauthenticated attacker to cause a denial of service by making the GitLab instance unresponsive. ...
CVE-2025-14511 Improper Validation of Specified Quantity in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under...
CVE-2025-12073
GitLab CVE-2025-12073 affects CE/EE versions 18.0–18.6.5, 18.7–18.7.3, and 18.8–18.8.3, where an authenticated user could perform SSRF against internal services by bypassing protections in the repository import functionality. The issue has been remediated in patch releases, notably the 18.6.6, 18...
Linux Distros Unpatched Vulnerability : CVE-2024-6389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a...
SUSE CVE-2018-17453
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception...