CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0673 – Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
https://notcve.org/view.php?id=CVE-2025-0673
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition. • https://gitlab.com/gitlab-org/gitlab/-/issues/514732 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5195 – Authorization Bypass Through User-Controlled Key in GitLab
https://notcve.org/view.php?id=CVE-2025-5195
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure. • https://gitlab.com/gitlab-org/gitlab/-/issues/534960 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1478 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1478
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/520354 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1516 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1516
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/520553 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2254 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-2254
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks. • https://gitlab.com/gitlab-org/gitlab/-/issues/524636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5996 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-5996
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/476671 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1763 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-1763
30 May 2025 — An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1. • https://gitlab.com/gitlab-org/gitlab/-/issues/521718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-7803 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-7803
23 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS. • https://gitlab.com/gitlab-org/gitlab/-/issues/479168 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9163 – User Interface (UI) Misrepresentation of Critical Information in GitLab
https://notcve.org/view.php?id=CVE-2024-9163
23 May 2025 — A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs. • https://gitlab.com/gitlab-org/gitlab/-/issues/493942 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-12093 – Improper Validation of Consistency within Input in GitLab
https://notcve.org/view.php?id=CVE-2024-12093
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions. • https://gitlab.com/gitlab-org/gitlab/-/issues/507445 • CWE-1288: Improper Validation of Consistency within Input •