961 matches found

RedhatCVE
added 2025/05/22 4:50 p.m. · 3 views

CVE-2020-8114

GitLab EE 8.9 and later through 12.7.2 has Insecure Permission...

CVSS 9.8 · AI score 6.7 · EPSS 0.00183
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:34 p.m. · 4 views

CVE-2020-26407

A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project...

CVSS 5.5 · AI score 5.4 · EPSS 0.0015
Exploits: 0

RedhatCVE
added 2025/05/22 3:41 p.m. · 6 views

CVE-2020-7974

GitLab EE 10.1 through 12.7.2 allows Information Disclosure...

CVSS 5.3 · AI score 6.7 · EPSS 0.00075
Exploits: 0 · References: 1

NVD
added 2025/05/22 3:16 p.m. · 13 views

CVE-2025-0605

An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements...

CVSS 4.6 · EPSS 0.00051
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 10:09 a.m. · 6 views

CVE-2019-19628

In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions...

CVSS 9.8 · AI score 8.1 · EPSS 0.02119
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:09 a.m. · 6 views

CVE-2019-19312

GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API...

CVSS 5.8 · AI score 6.4 · EPSS 0.00181
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 8:42 a.m. · 5 views

CVE-2019-5487

An improper access control vulnerability exists in Gitlab EE...

CVSS 5.3 · AI score 5.5 · EPSS 0.00347
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 7:28 a.m. · 7 views

CVE-2019-19313

GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits...

CVSS 7.5 · AI score 6.7 · EPSS 0.00255
Exploits: 0 · References: 1

OSV
added 2025/04/26 6:28 a.m. · 69 views

BIT-GITLAB-2024-12244 Missing Authorization in GitLab

An issue has been discovered in access controls that could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1...

CVSS 4.3 · AI score 4.3 · EPSS 0.00099
Exploits: 1 · References: 3

NVD
added 2025/04/24 8:15 a.m. · 9 views

CVE-2025-0639

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

CVSS 7.5 · EPSS 0.0021
Exploits: 0 · References: 2

CVE
added 2025/04/24 7:31 a.m. · 239 views

CVE-2024-12244

CVE-2024-12244: Missing Authorization in GitLab. The issue is an access-control flaw in GitLab Enterprise Edition (GitLab EE) that could allow a user to view certain restricted project information even when related features are disabled. Affected versions are GitLab EE 17.7 up to 17.9.7, 17.10 up...

CVSS 4.3 · AI score 6.5 · EPSS 0.00099
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/04/24 12:00 a.m. · 2 views

PT-2025-17732 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 17.9.6; GitLab EE versions 17.10 through 17.10.4; GitLab EE versions 17.11 through 17.11.0. Description: An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security...

CVSS 8.7 · AI score 9.1 · EPSS 0.00042
Exploits: 1 · References: 13

Positive Technologies
added 2025/04/23 12:00 a.m. · 2 views

PT-2025-17662 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.7 through 17.9.6; GitLab EE versions 17.10 through 17.10.4; GitLab EE versions 17.11 through 17.11.0. Description: An issue has been discovered in access controls that could allow users to view certain restricted project...

CVSS 4.3 · AI score 5.7 · EPSS 0.00099
Exploits: 1 · References: 16

RedhatCVE
added 2025/04/12 1:40 p.m. · 17 views

CVE-2024-11129

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term...

CVSS 7.5 · AI score 6.4 · EPSS 0.00057
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/10 1:30 p.m. · 12 views

CVE-2025-2469 Debug Messages Revealing Unnecessary Information in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users...

CVSS 3.7 · AI score 6.6 · EPSS 0.00138
Exploits: 1 · References: 2

OSV
added 2025/04/10 1:02 p.m. · 8 views

CVE-2024-11129 Generation of Error Message Containing Sensitive Information in GitLab

An issue has been discovered in GitLab EE affecting all versions from 17.1 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. This allows attackers to perform targeted searches with sensitive keywords to get the count of issues containing the searched term...

CVSS 6.3 · AI score 6.6 · EPSS 0.00057
Exploits: 0 · References: 5

CVE
added 2025/04/10 12:30 p.m. · 70 views

CVE-2025-1677

CVE-2025-1677 is a DoS in GitLab CE/EE causing denial of service when oversized payloads are injected into CI pipeline exports. Affected versions: all up to 17.8.7, 17.9 prior to 17.9.6, and 17.10 prior to 17.10.4. Remediation: upgrade to GitLab 17.9.6 or 17.10.4 or later (per provided details). ...

CVSS 7.5 · AI score 6.2 · EPSS 0.00161
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/04/09 12:00 a.m. · 1 view

PT-2025-15976 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.12 through 17.8.6; GitLab CE/EE versions 17.9 through 17.9.5; GitLab CE/EE versions 17.10 through 17.10.3. Description: An issue has been discovered affecting GitLab CE/EE, where under certain conditions, users could...

CVSS 5.3 · AI score 6 · EPSS 0.00025
Exploits: 1 · References: 15

NVD
added 2025/03/27 1:15 p.m. · 8 views

CVE-2024-9773

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicio...

CVSS 8 · EPSS 0.00036
Exploits: 1 · References: 2

Cvelist
added 2025/03/27 12:31 p.m. · 12 views

CVE-2024-9773 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicio...

CVSS 3.7 · EPSS 0.00036
Exploits: 1 · References: 2