Filtered by vendor Gitlab
Total: 1298 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-0958 | 1 Gitlab | 1 Gitlab | 2026-02-13 | N/A | 7.5 HIGH |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits. | |||||
| CVE-2025-8099 | 1 Gitlab | 1 Gitlab | 2026-02-13 | N/A | 7.5 HIGH |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries. | |||||
| CVE-2025-7659 | 1 Gitlab | 1 Gitlab | 2026-02-13 | N/A | 8.0 HIGH |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE. | |||||
| CVE-2025-14594 | 1 Gitlab | 1 Gitlab | 2026-02-13 | N/A | 3.5 LOW |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to view certain pipeline values by querying the API. | |||||
| CVE-2025-14592 | 1 Gitlab | 1 Gitlab | 2026-02-13 | N/A | 3.7 LOW |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. | |||||
| CVE-2025-14560 | 1 Gitlab | 1 Gitlab | 2026-02-13 | N/A | 7.3 HIGH |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow. | |||||
| CVE-2025-12575 | 1 Gitlab | 1 Gitlab | 2026-02-13 | N/A | 5.4 MEDIUM |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. | |||||
| CVE-2025-12073 | 1 Gitlab | 1 Gitlab | 2026-02-13 | N/A | 4.3 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. | |||||
| CVE-2026-1458 | 1 Gitlab | 1 Gitlab | 2026-02-12 | N/A | 6.5 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by uploading malicious files. | |||||
| CVE-2026-1456 | 1 Gitlab | 1 Gitlab | 2026-02-12 | N/A | 6.5 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview. | |||||
| CVE-2026-1080 | 1 Gitlab | 1 Gitlab | 2026-02-12 | N/A | 4.3 MEDIUM |
| GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint. | |||||
| CVE-2026-1387 | 1 Gitlab | 1 Gitlab | 2026-02-12 | N/A | 6.5 MEDIUM |
| GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause denial of service by uploading a malicious file and repeatedly querying it through GraphQL. | |||||
| CVE-2026-1282 | 1 Gitlab | 1 Gitlab | 2026-02-12 | N/A | 3.5 LOW |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project label titles. | |||||
| CVE-2026-1094 | 1 Gitlab | 1 Gitlab | 2026-02-12 | N/A | 4.6 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI. | |||||
| CVE-2026-0595 | 1 Gitlab | 1 Gitlab | 2026-02-12 | N/A | 7.3 HIGH |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test case titles. | |||||
| CVE-2021-39935 | 1 Gitlab | 1 Gitlab | 2026-02-04 | 5.0 MEDIUM | 6.8 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API. | |||||
| CVE-2026-1751 | 1 Gitlab | 1 Gitlab | 2026-02-04 | N/A | 3.1 LOW |
| A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions. | |||||
| CVE-2026-1102 | 1 Gitlab | 1 Gitlab | 2026-01-26 | N/A | 5.3 MEDIUM |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests. | |||||
| CVE-2025-13928 | 1 Gitlab | 1 Gitlab | 2026-01-26 | N/A | 7.5 HIGH |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints. | |||||
| CVE-2025-13927 | 1 Gitlab | 1 Gitlab | 2026-01-26 | N/A | 7.5 HIGH |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data. | |||||
