CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-10307 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-10307
28 Mar 2025 — An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request. • https://gitlab.com/gitlab-org/gitlab/-/issues/500497 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9773 – Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
https://notcve.org/view.php?id=CVE-2024-9773
27 Mar 2025 — An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI. Se detectó un problema en GitLab EE que afectaba a todas las versiones (desde la 14.9 hasta la 17.8.6), a todas las versiones (desde la 17.9 hasta la 17.8.3) y a todas la... • https://gitlab.com/gitlab-org/gitlab/-/issues/498557 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2255 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-2255
27 Mar 2025 — An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec. Se ha detectado un problema en Gitlab EE/CE para AppSec que afecta a todas las versiones desde la 13.5.0 hasta la 17.8.6, la 17.9 hasta la 17.9.3 y la 17.10 hasta la 17.10.1. Algunos mensajes de error podrían permitir ataques de Cross-Site Scripting (XSS) para AppSec. • https://gitlab.com/gitlab-org/gitlab/-/issues/524635 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1257 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1257
13 Mar 2025 — An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs. • https://gitlab.com/gitlab-org/gitlab/-/issues/519348 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 1CVE-2024-12380 – Generation of Error Message Containing Sensitive Information in GitLab
https://notcve.org/view.php?id=CVE-2024-12380
13 Mar 2025 — An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication information. • https://gitlab.com/gitlab-org/gitlab/-/issues/508557 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-13054 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-13054
13 Mar 2025 — An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions. • https://gitlab.com/gitlab-org/gitlab/-/issues/511004 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-12379 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-12379
12 Feb 2025 — A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token. • https://gitlab.com/gitlab-org/gitlab/-/issues/508559 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0376 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-0376
12 Feb 2025 — An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page. • https://gitlab.com/gitlab-org/gitlab/-/issues/512603 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-1212 – Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
https://notcve.org/view.php?id=CVE-2025-1212
12 Feb 2025 — An information disclosure vulnerability in GitLab CE/EE affecting all versions from 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send a crafted request to a backend server to reveal sensitive information. • https://gitlab.com/gitlab-org/gitlab/-/issues/502196 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1042 – Files or Directories Accessible to External Parties in GitLab
https://notcve.org/view.php?id=CVE-2025-1042
12 Feb 2025 — An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way. • https://gitlab.com/gitlab-org/gitlab/-/issues/50849943 • CWE-552: Files or Directories Accessible to External Parties •