CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2934 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-2934
09 Oct 2025 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP responses. • https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-10858 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-10858
26 Sep 2025 — An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files. • https://gitlab.com/gitlab-org/gitlab/-/issues/570034 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 1CVE-2025-2246 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-2246
27 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones anteriores a la 18.1.5, 18.2 anteriores a la 18.2.5 y 18.3 anteriores a la 18.3.1 que podría haber permitido a usuarios no autenticados acceder a variables manuales confidenciales de CI/CD ... • https://gitlab.com/gitlab-org/gitlab/-/issues/524592 • CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1CVE-2025-5101 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2025-5101
27 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambiguity between branches and tags during repository imports. Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones anteriores a la 18.1.5, 18.2 anteriores a la 18.2.5 y 18.3 anteriores a la... • https://gitlab.com/gitlab-org/gitlab/-/issues/545165 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9512 – Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
https://notcve.org/view.php?id=CVE-2024-9512
12 Jun 2025 — An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync. • https://gitlab.com/gitlab-org/gitlab/-/issues/497748 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5996 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-5996
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/476671 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0993 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-0993
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. • https://gitlab.com/gitlab-org/gitlab/-/issues/516927 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2853 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-2853
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. • https://gitlab.com/gitlab-org/gitlab/-/issues/527218 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-4979 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-4979
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. • https://gitlab.com/gitlab-org/gitlab/-/issues/524455 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1677 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1677
10 Apr 2025 — A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports. • https://gitlab.com/gitlab-org/gitlab/-/issues/521117 • CWE-770: Allocation of Resources Without Limits or Throttling •