CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-10307 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-10307
28 Mar 2025 — An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request. • https://gitlab.com/gitlab-org/gitlab/-/issues/500497 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-12619 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2024-12619
28 Mar 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects. • https://gitlab.com/gitlab-org/gitlab/-/issues/509324 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-2867 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2025-2867
27 Mar 2025 — An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users. • https://gitlab.com/gitlab-org/gitlab/-/issues/512509 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9773 – Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
https://notcve.org/view.php?id=CVE-2024-9773
27 Mar 2025 — An issue was discovered in GitLab EE affecting all versions starting from 14.9 before 17.8.6, all versions starting from 17.9 before 17.8.3, all versions starting from 17.10 before 17.10.1. An input validation issue in the Harbor registry integration could have allowed a maintainer to add malicious code to the CLI commands shown in the UI. Se detectó un problema en GitLab EE que afectaba a todas las versiones (desde la 14.9 hasta la 17.8.6), a todas las versiones (desde la 17.9 hasta la 17.8.3) y a todas la... • https://gitlab.com/gitlab-org/gitlab/-/issues/498557 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0811 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-0811
27 Mar 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting. Se ha detectado un problema en GitLab CE/EE que afecta a todas las versiones (desde la 17.7 hasta la 17.8.6), la 17.9 hasta la 17.9.3 y la 17.10 hasta la 17.10.1. La representación incorrecta de ciertos tipos de archivos provoca cross-site scripting. • https://gitlab.com/gitlab-org/gitlab/-/issues/515566 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-2242 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-2242
27 Mar 2025 — An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin before but has since been downgraded to a regular user to continue to maintain elevated privileges to groups and projects. Una vulnerabilidad de control de acceso inadecuado en GitLab CE/EE que afecta a todas las versiones desde la 17.4 anterior a la 17.8.6, la 17.9 anterior a la 17.9.3 y la 17.10 anterior a la 17.... • https://gitlab.com/gitlab-org/gitlab/-/issues/516271 • CWE-863: Incorrect Authorization •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2255 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-2255
27 Mar 2025 — An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site Scripting attacks (XSS). for AppSec. Se ha detectado un problema en Gitlab EE/CE para AppSec que afecta a todas las versiones desde la 13.5.0 hasta la 17.8.6, la 17.9 hasta la 17.9.3 y la 17.10 hasta la 17.10.1. Algunos mensajes de error podrían permitir ataques de Cross-Site Scripting (XSS) para AppSec. • https://gitlab.com/gitlab-org/gitlab/-/issues/524635 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-7296 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2024-7296
13 Mar 2025 — An issue was discovered in GitLab EE affecting all versions from 16.5 prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2 which allowed a user with a custom permission to approve pending membership requests beyond the maximum number of allowed users. • https://gitlab.com/gitlab-org/gitlab/-/issues/475056 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1257 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1257
13 Mar 2025 — An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs. • https://gitlab.com/gitlab-org/gitlab/-/issues/519348 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8402 – Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
https://notcve.org/view.php?id=CVE-2024-8402
13 Mar 2025 — An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code. • https://gitlab.com/gitlab-org/gitlab/-/issues/482813 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •