21402 matches found
CVE-2026-2726
Removed by vendor...
CVE-2026-2973 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...
CVE-2026-2973 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...
CVE-2026-2973
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...
CVE-2026-2973
Removed by vendor...
CVE-2026-2973
GitLab CVE-2026-2973 affects GitLab CE/EE versions 17.7–before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. The issue is an improper sanitization of entity-encoded content in Mermaid diagrams that could allow an authenticated user to execute arbitrary JavaScript in another user’s browser...
CVE-2026-2995 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...
CVE-2026-2995
Summary: CVE-2026-2995 affects GitLab Enterprise Edition (GitLab EE) and was fixed via patch releases. Affected versions (as remediated): all GitLab EE versions from 15.4 before 18.8.7; 18.9 before 18.9.3; and 18.10 before 18.10.1. Root cause / vulnerability: improper sanitization of HTML content...
CVE-2026-2995
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...
CVE-2026-2995 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...
CVE-2026-2995
Removed by vendor...
CVE-2026-3857
GitLab CSRF protection weakness allowed an unauthenticated user to trigger arbitrary GraphQL mutations on behalf of authenticated users in GitLab CE/EE versions 17.10–before 18.8.7, 18.9–before 18.9.3, and 18.10–before 18.10.1. Patches fixed these issues in the 18.10.1 release (and related adviso...
CVE-2026-3857 Cross-Site Request Forgery (CSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...
CVE-2026-3857
Removed by vendor...
CVE-2026-3857
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...
CVE-2026-3857 Cross-Site Request Forgery (CSRF) in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection...
CVE-2026-3988
Removed by vendor...
CVE-2026-3988 Inefficient Algorithmic Complexity in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...
CVE-2026-3988 Inefficient Algorithmic Complexity in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...
CVE-2026-3988
GitLab CVE-2026-3988 affects GitLab CE/EE prior to 18.8.7, 18.9 prior to 18.9.3, and 18.10 prior to 18.10.1. The issue stems from improper input validation in GraphQL request processing, allowing an unauthenticated attacker to cause a denial of service by making the GitLab instance unresponsive. ...