21402 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-1090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowe...
Linux Distros Unpatched Vulnerability : CVE-2025-12555
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain...
Linux Distros Unpatched Vulnerability : CVE-2026-1182
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowe...
CVE-2026-1182 vulnerabilities
Vulnerabilities for packages: gitlab-runner, gitlab-kas...
GHSA-P3CX-FRRM-35M8 vulnerabilities
Vulnerabilities for packages: gitlab-runner, gitlab-kas...
[SECURITY] Fedora 42 Update: glab-1.89.0-1.fc42
A GitLab CLI tool bringing GitLab to your command line...
GHSA-P3CX-FRRM-35M8 vulnerabilities
Vulnerabilities for packages: gitlab-cng-fips, gitlab-rails-ce-fips, gitlab-workhorse-ce-fips, gitlab-kas, gitlab-cng, gitlab-kas-fips, gitlab-runner, gitlab-rails-ce, gitlab-workhorse-ce, gitlab-runner-fips...
CVE-2026-1182 vulnerabilities
Vulnerabilities for packages: gitlab-cng-fips, gitlab-rails-ce-fips, gitlab-workhorse-ce-fips, gitlab-kas, gitlab-cng, gitlab-kas-fips, gitlab-runner, gitlab-rails-ce, gitlab-workhorse-ce, gitlab-runner-fips...
BIT-GITLAB-2026-3848 Improper Neutralization of CRLF Sequences ('CRLF Injection') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to improper input...
BIT-GITLAB-2026-1732 Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances...
BIT-GITLAB-2026-1663 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in th...
BIT-GITLAB-2026-1230 Use of Incorrectly-Resolved Name or Reference in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect...
BIT-GITLAB-2026-1090 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the markdownplaceholders feature flag was enabled, to inject JavaScript in a browser due to improper...
BIT-GITLAB-2026-1069 Uncontrolled Recursion in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances...
BIT-GITLAB-2026-0602 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
BIT-GITLAB-2025-14513 Improper Validation of Specified Quantity in Input in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...
BIT-GITLAB-2025-13929 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certai...
BIT-GITLAB-2025-13690 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under...
BIT-GITLAB-2025-12704 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain...
BIT-GITLAB-2025-12697 Improper Encoding or Escaping of Output in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...