CVSS: 5.8EPSS: %CPEs: 3EXPL: 1CVE-2025-2246 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-2246
27 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API. • https://gitlab.com/gitlab-org/gitlab/-/issues/524592 • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: %CPEs: 3EXPL: 1CVE-2025-3601 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-3601
27 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses. • https://gitlab.com/gitlab-org/gitlab/-/issues/536034 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.0EPSS: %CPEs: 3EXPL: 1CVE-2025-5101 – Improper Control of Generation of Code ('Code Injection') in GitLab
https://notcve.org/view.php?id=CVE-2025-5101
27 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambiguity between branches and tags during repository imports. • https://gitlab.com/gitlab-org/gitlab/-/issues/545165 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1477 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1477
13 Aug 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints. • https://gitlab.com/gitlab-org/gitlab/-/issues/520353 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-3279 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-3279
26 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests. • https://gitlab.com/gitlab-org/gitlab/-/issues/534424 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-4025 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-4025
20 Jun 2025 — A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page. • https://gitlab.com/gitlab-org/gitlab/-/issues/457474 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9512 – Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
https://notcve.org/view.php?id=CVE-2024-9512
12 Jun 2025 — An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync. • https://gitlab.com/gitlab-org/gitlab/-/issues/497748 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1478 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1478
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/520354 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1516 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1516
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/520553 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5996 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-5996
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/476671 • CWE-770: Allocation of Resources Without Limits or Throttling •