CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1299 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-1299
24 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2 before 18.2.1 that, under circumstances, could have allowed an unauthorized user to read deployment job logs by sending a crafted request. • https://gitlab.com/gitlab-org/gitlab/-/issues/519696 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-7001 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-7001
24 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed priviledged users to access certain resource_group information through the API which should have been unavailable. • https://gitlab.com/gitlab-org/gitlab/-/issues/553163 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-4439 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-4439
23 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks. • https://gitlab.com/gitlab-org/gitlab/-/issues/541177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 1CVE-2025-4700 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
https://notcve.org/view.php?id=CVE-2025-4700
23 Jul 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS. • https://gitlab.com/gitlab-org/gitlab/-/issues/542915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2025-3396 – Incorrect Authorization in GitLab
https://notcve.org/view.php?id=CVE-2025-3396
10 Jul 2025 — An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project owners to bypass group-level forking restrictions by manipulating API requests. • https://gitlab.com/gitlab-org/gitlab/-/issues/534636 • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-3279 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-3279
26 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests. • https://gitlab.com/gitlab-org/gitlab/-/issues/534424 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 1CVE-2023-5600 – Missing Authorization in GitLab
https://notcve.org/view.php?id=CVE-2023-5600
20 Jun 2025 — An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template. • https://gitlab.com/gitlab-org/gitlab/-/issues/428268 • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-4025 – Inefficient Regular Expression Complexity in GitLab
https://notcve.org/view.php?id=CVE-2024-4025
20 Jun 2025 — A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page. • https://gitlab.com/gitlab-org/gitlab/-/issues/457474 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 3.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5982 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-5982
12 Jun 2025 — An issue has been discovered in GitLab EE affecting all versions from 12.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. • https://gitlab.com/gitlab-org/gitlab/-/issues/514456 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9512 – Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
https://notcve.org/view.php?id=CVE-2024-9512
12 Jun 2025 — An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync. • https://gitlab.com/gitlab-org/gitlab/-/issues/497748 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •