CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2026-1659 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2026-1659
14 May 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation. • https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2025-0186 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-0186
22 Apr 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to a discussions endpoint. • https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2025-6016 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-6016
22 Apr 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain conditions. • https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 2.7EPSS: 0%CPEs: 6EXPL: 1CVE-2025-9957 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-9957
22 Apr 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper authorization checks. • https://about.gitlab.com/releases/2026/04/22/patch-release-gitlab-18-11-1-released • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2026-1752 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2026-1752
08 Apr 2026 — GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the API. • https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2026-2745 – Authentication Bypass Using an Alternate Path or Channel in GitLab
https://notcve.org/view.php?id=CVE-2026-2745
25 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process. • https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2026-1182 – Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
https://notcve.org/view.php?id=CVE-2026-1182
12 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances. • https://gitlab.com/gitlab-org/gitlab/-/work_items/586613 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2025-12576 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-12576
11 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data. • https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2025-13929 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-13929
11 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certain conditions. • https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2026-1090 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2026-1090
11 Mar 2026 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing. • https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •