CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-10219 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-10219
13 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints. • https://gitlab.com/gitlab-org/gitlab/-/issues/500134 • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1477 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1477
13 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints. • https://gitlab.com/gitlab-org/gitlab/-/issues/520353 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2498 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-2498
13 Aug 2025 — An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions. • https://gitlab.com/gitlab-org/gitlab/-/issues/525515 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2614 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-2614
13 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed. • https://gitlab.com/gitlab-org/gitlab/-/issues/526349 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2937 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2025-2937
13 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature. • https://gitlab.com/gitlab-org/gitlab/-/issues/528995 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 1CVE-2025-5819 – Incorrect Permission Assignment for Critical Resource in GitLab
https://notcve.org/view.php?id=CVE-2025-5819
13 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances. • https://gitlab.com/gitlab-org/gitlab/-/issues/548165 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-7734 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-7734
13 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content. • https://gitlab.com/gitlab-org/gitlab/-/issues/556090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1299 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-1299
24 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request. • https://gitlab.com/gitlab-org/gitlab/-/issues/519696 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-4976 – Exposure of Sensitive Information Due to Incompatible Policies in GitLab
https://notcve.org/view.php?id=CVE-2025-4976
24 Jul 2025 — An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses. • https://gitlab.com/gitlab-org/gitlab/-/issues/543905 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-7001 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-7001
24 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resource_group information through the API which should have been unavailable. • https://gitlab.com/gitlab-org/gitlab/-/issues/553163 • CWE-1220: Insufficient Granularity of Access Control •