6 matches found

Cvelist
added 2025/08/13 5:27 p.m. · 5 views

CVE-2025-1477 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoin...

CVSS 6.5 · EPSS 0.00097
Exploits 0 · References 2

RedhatCVE
added 2025/07/25 6:26 p.m. · 5 views

CVE-2025-4700

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS...

CVSS 8.7 · AI score 6.7 · EPSS 0.00237
Exploits 0 · References 1

Positive Technologies
added 2025/07/23 12:00 a.m. · 1 view

PT-2025-30634 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 18.0.4; GitLab EE versions 18.1 through 18.1.2; GitLab EE versions 18.2 through 18.2.0
Description: An issue exists in GitLab EE that, under certain circumstances, could allow an attacker to access internal notes...

CVSS 5.3 · AI score 5.9 · EPSS 0.00078
Exploits 0 · References 13

ATTACKERKB
added 2022/05/17 1:15 p.m. · 2 views

CVE-2022-1711

Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5...

CVSS 7.5 · AI score 5.8 · EPSS 0.35381
Exploits 1 · References 4

Positive Technologies
added 2022/05/16 12:00 a.m. · 1 view

PT-2022-14072 · Drawio · Drawio

Name of the Vulnerable Software and Affected Versions: drawio versions prior to 18.0.5
Description: The issue allows for path traversal in the WellKnownServlet, enabling the reading of local files of the web application. This can potentially lead to sensitive information disclosure...

CVSS 7.5 · AI score 7.3 · EPSS 0.01233
Exploits 1 · References 5

Positive Technologies
added 2022/05/16 12:00 a.m. · 2 views

PT-2022-14073 · Drawio · Drawio

Name of the Vulnerable Software and Affected Versions: drawio versions prior to 18.0.5
Description: The issue is related to a Server-Side Request Forgery (SSRF) in the editor's proxy via an IPv6 link-local address. This allows for SSRF to internal link-local IPv6 addresses.
Recommendations: For...

CVSS 7.5 · AI score 5.4 · EPSS 0.00159
Exploits 1 · References 6