GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 跨站脚本漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.11.3 contained a cross-site...

EUVD-2026-25048

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions...

EUVD-2025-208993

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

PT-2026-27991

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 17.7 through 18.8.6 GitLab CE/EE versions 18.9 through 18.9.2 GitLab CE/EE versions 18.10 through 18.10.0 Description An authenticated user could execute arbitrary JavaScript in a user's browser. This is due to improper...

CVE-2025-12555 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD...

CVE-2020-7969

GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure...

CVE-2020-7972

GitLab EE 12.2 has Insecure Permissions issue 2 of 2...

CVE-2020-7976

GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control...

CVE-2020-7967

GitLab EE 8.0 through 12.7.2 has Insecure Permissions issue 1 of 2...

CVE-2020-7968

GitLab EE 8.0 through 12.7.2 has Incorrect Access Control...

CVE-2020-7977

GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions...

CVE-2020-7971

GitLab EE 11.0 and later through 12.7.2 allows XSS...

CVE-2020-10077

GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular deprecated service was creating a server side request forgery risk...

CVE-2020-10084

GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerabilityfeedback endpoint could result in the exposure of a private project namespace...

CVE-2023-4002

An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or group...

CVE-2021-22233

An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read project details...

CVE-2021-22251

Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings...

CVE-2021-22247

Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics...

CVE-2022-0425

A DNS rebinding vulnerability in the Irker IRC Gateway integration in all versions of GitLab CE/EE since version 7.9 allows an attacker to trigger Server Side Request Forgery SSRF attacks...

CVE-2023-4812

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge...