CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2024-9512 – Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
https://notcve.org/view.php?id=CVE-2024-9512
12 Jun 2025 — An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for private repository to be cloned in case of race condition when a secondary node is out of sync. • https://gitlab.com/gitlab-org/gitlab/-/issues/497748 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-5996 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-5996
12 Jun 2025 — An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service. • https://gitlab.com/gitlab-org/gitlab/-/issues/476671 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-0993 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-0993
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. • https://gitlab.com/gitlab-org/gitlab/-/issues/516927 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-2853 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-2853
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. • https://gitlab.com/gitlab-org/gitlab/-/issues/527218 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2025-4979 – Insufficient Granularity of Access Control in GitLab
https://notcve.org/view.php?id=CVE-2025-4979
22 May 2025 — An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. • https://gitlab.com/gitlab-org/gitlab/-/issues/524455 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-1677 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2025-1677
10 Apr 2025 — A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports. • https://gitlab.com/gitlab-org/gitlab/-/issues/521117 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-13054 – Allocation of Resources Without Limits or Throttling in GitLab
https://notcve.org/view.php?id=CVE-2024-13054
13 Mar 2025 — An issue was discovered in GitLab CE/EE affecting all versions before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. where a denial of service vulnerability could allow an attacker to cause a system reboot under certain conditions. • https://gitlab.com/gitlab-org/gitlab/-/issues/511004 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2024-5528 – Incomplete Comparison with Missing Factors in GitLab
https://notcve.org/view.php?id=CVE-2024-5528
05 Feb 2025 — An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages. • https://gitlab.com/gitlab-org/gitlab/-/issues/464558 • CWE-1023: Incomplete Comparison with Missing Factors •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5117 – Exposure of Sensitive Information Due to Incompatible Policies in GitLab
https://notcve.org/view.php?id=CVE-2023-5117
25 Dec 2024 — An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL. Se descubrió un problema en GitLab CE/EE que afectaba a todas las versiones anteriores a 17.6.0 en el que los usuarios no sabían que se podía acceder a los archivos cargados para comentarios sobre temas confidenciales y epopeyas de proyec... • https://gitlab.com/gitlab-org/gitlab/-/issues/398250 • CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2024-8041 – Uncontrolled Resource Consumption in GitLab
https://notcve.org/view.php?id=CVE-2024-8041
22 Aug 2024 — A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer. • https://gitlab.com/gitlab-org/gitlab/-/issues/463092 • CWE-400: Uncontrolled Resource Consumption •