CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9512 – Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
https://notcve.org/view.php?id=CVE-2024-9512
12 Jun 2025 — An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync. • https://gitlab.com/gitlab-org/gitlab/-/issues/497748 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0673 – Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
https://notcve.org/view.php?id=CVE-2025-0673
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition. • https://gitlab.com/gitlab-org/gitlab/-/issues/514732 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5195 – Authorization Bypass Through User-Controlled Key in GitLab
https://notcve.org/view.php?id=CVE-2025-5195
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure. • https://gitlab.com/gitlab-org/gitlab/-/issues/534960 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1478 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1478
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/520354 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1516 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1516
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/520553 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2254 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-2254
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks. • https://gitlab.com/gitlab-org/gitlab/-/issues/524636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4278 – Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
https://notcve.org/view.php?id=CVE-2025-4278
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to account takeover. • https://gitlab.com/gitlab-org/gitlab/-/issues/539198 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5996 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-5996
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/476671 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-7803 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-7803
23 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS. • https://gitlab.com/gitlab-org/gitlab/-/issues/479168 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9163 – User Interface (UI) Misrepresentation of Critical Information in GitLab
https://notcve.org/view.php?id=CVE-2024-9163
23 May 2025 — A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs. • https://gitlab.com/gitlab-org/gitlab/-/issues/493942 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •