CVE-2024-9773

Summary of CVE-2024-9773 (GitLab EE) An input validation flaw in the Harbor registry integration affects GitLab Enterprise Edition (EE) versions: 14.9 through 17.8.6, 17.9 through 17.8.3, and 17.10 through 17.10.1. The issue could allow a maintainer to inject malicious code into CLI commands show...

CVE-2024-9773

Removed by vendor...

PT-2025-12999 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.7 through 17.8.6 GitLab CE/EE versions 17.9 through 17.9.3 GitLab CE/EE versions 17.10 through 17.10.1 Description: An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9...

PT-2025-13454 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 12.10 through 17.8.5 GitLab EE/CE versions 17.9 through 17.9.2 GitLab EE/CE versions 17.10 through 17.10.0 Description: An issue has been discovered in GitLab EE/CE where a maliciously crafted file can cause uncontrolled...

PT-2025-26446 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 17.9.6 GitLab EE versions 17.10 through 17.10.4 GitLab EE versions 17.11 through 17.11.0 Description: An issue in GitLab EE allows for cross-site-scripting attacks and content security policy bypass in a user's...

CVE-2024-7296

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...

BIT-GITLAB-2024-13054 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions...

BIT-GITLAB-2024-7296 Incorrect Authorization in GitLab

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...

CVE-2025-1257

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs...

CVE-2024-7296

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...

CVE-2024-7296

GitLab EE contains CVE-2024-7296: affected releases are 16.5 up to 17.7.7, 17.8 up to 17.8.5, and 17.9 up to 17.9.2. A user with a custom permission could approve pending membership requests beyond the configured cap, potentially granting access beyond allowed users. This is described across mult...

CVE-2024-7296 Incorrect Authorization in GitLab

An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users...

CVE-2025-1257 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs...

CVE-2025-1257

Removed by vendor...

CVE-2024-8402

Removed by vendor...

CVE-2024-8402 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to...

CVE-2024-8402 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to...

CVE-2024-13054 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions...

PT-2025-11153 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.3 through 17.7.6 GitLab EE versions 17.8 through 17.8.4 GitLab EE versions 17.9 through 17.9.1 Description: An issue exists in GitLab EE that may allow a remote attacker to cause a denial of service condition by...

CVE-2025-2045

Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data...