CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0765 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-0765
24 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized user to access custom service desk email addresses. • https://gitlab.com/gitlab-org/gitlab/-/issues/515381 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1299 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-1299
24 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request. • https://gitlab.com/gitlab-org/gitlab/-/issues/519696 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-4976 – Exposure of Sensitive Information Due to Incompatible Policies in GitLab
https://notcve.org/view.php?id=CVE-2025-4976
24 Jul 2025 — An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses. • https://gitlab.com/gitlab-org/gitlab/-/issues/543905 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-7001 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-7001
24 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resource_group information through the API which should have been unavailable. • https://gitlab.com/gitlab-org/gitlab/-/issues/553163 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-4439 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-4439
23 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks. • https://gitlab.com/gitlab-org/gitlab/-/issues/541177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-4700 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-4700
23 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS. • https://gitlab.com/gitlab-org/gitlab/-/issues/542915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-3396 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-3396
10 Jul 2025 — An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests. • https://gitlab.com/gitlab-org/gitlab/-/issues/534636 • CWE-863: Incorrect Authorization •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-6948 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-6948
10 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content. • https://gitlab.com/gitlab-org/gitlab/-/issues/552616 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1754 – Missing Authentication for Critical Function in GitLab
https://notcve.org/view.php?id=CVE-2025-1754
26 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage. • https://gitlab.com/gitlab-org/gitlab/-/issues/521619 • CWE-306: Missing Authentication for Critical Function •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2938 – Business Logic Errors in GitLab
https://notcve.org/view.php?id=CVE-2025-2938
26 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants. • https://gitlab.com/gitlab-org/gitlab/-/issues/529006 • CWE-840: Business Logic Errors •