BIT-GITLAB-2025-9484 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

Missing Authentication for Critical Function

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the createSubscriptions process. An attacker can execute unauthorized GraphQ...

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE. The vulnerabilities include several issues, including the ability for authenticated users to upload malicious images, perform unauthorized actions by injecting malicious HTML, obtain sensitive information through GraphQL queries, and bypass WebAut...

EUVD-2025-198377

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API...

Linux Distros Unpatched Vulnerability : CVE-2024-5430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1...

CVE-2024-5430

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.10 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a project maintainer can delete the merge request approval policy via graphQL...

CVE-2025-1110

Removed by vendor...

CVE-2022-0172

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under certain conditions it was possible to bypass the IP restriction for public projects through GraphQL allowing unauthorised users to read titles of issues, merge requests and milestones...

PT-2022-13008 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.3 and later Description: An issue has been discovered in GitLab CE/EE, where under certain conditions, it was possible to bypass the IP restriction for public projects through GraphQL. This allowed unauthorized users ...

PT-2021-2305 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to a cross-site request forgery CSRF vulnerability via the GraphQL API. Successful exploitation coul...

PT-2020-18975 · Silverstripe · Silverstripe

Name of the Vulnerable Software and Affected Versions: SilverStripe version 4.5.0 Description: The issue allows attackers to read certain records that should not have been placed into a result set. This is due to the automatic permission-checking mechanism in the silverstripe/graphql module not...