Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,280
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1 - 20 of 166 CVEs
CVE-2026-8472 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to missi...

Published: Jul 08, 2026
Source: NVD
CVE-2026-7492 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an unauthenticated user to determine the existence of a private project due to improper authorization controls on...

Published: Jul 08, 2026
Source: NVD
CVE-2026-6896 HIGH - 8.7

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with developer-role permissions to execute arbitrary scripts in another user's browser ...

Published: Jul 08, 2026
Source: NVD
CVE-2026-6352 LOW - 2.7

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with auditor-level access to modify compliance violation records due to improper authorizatio...

Published: Jul 08, 2026
Source: NVD
CVE-2026-13320 HIGH - 7.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper saniti...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD

GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to modify group-level settings beyond their intended permissions due to improper authorizati...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD
CVE-2026-11827 MEDIUM - 4.9

GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to impro...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from the ...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler (HttpExecutor.prepareRedirectUrlOptions) only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing h...

Vendor: electron-userland
Product: electron-builder, builder-util-runtime
Published: Jun 30, 2026
Source: NVD
CVE-2026-58370 HIGH - 8.1

Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name (commit.author.name) carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A use...

Vendor: woodpecker-ci
Product: woodpecker
Published: Jun 30, 2026
Source: NVD
CVE-2026-27882 MEDIUM - 4.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison operator (!==) to validate the webhook secret token. This implementation is vulnerable to timing attacks...

Vendor: coollabsio
Product: coolify
Published: Jun 30, 2026
Source: NVD
CVE-2026-8330 MEDIUM - 4.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint.

Vendor: gitlab
Product: gitlab
Published: Jun 25, 2026
Source: NVD
CVE-2026-5952 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to bypass package protection rules and overwrite protecte...

Vendor: gitlab
Product: gitlab
Published: Jun 25, 2026
Source: NVD
CVE-2026-5796 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the Pack...

Vendor: gitlab
Product: gitlab
Published: Jun 25, 2026
Source: NVD
CVE-2026-5309 MEDIUM - 5.4

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without autho...

Vendor: gitlab
Product: gitlab
Published: Jun 25, 2026
Source: NVD
CVE-2026-3176 LOW - 3.1

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization chec...

Vendor: gitlab
Product: gitlab
Published: Jun 25, 2026
Source: NVD
CVE-2026-2238 MEDIUM - 5.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorization c...

Vendor: gitlab
Product: gitlab
Published: Jun 25, 2026
Source: NVD
CVE-2026-1606 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation.

Vendor: gitlab
Product: gitlab
Published: Jun 25, 2026
Source: NVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through mir...

Vendor: GitLab
Product: GitLab
Published: Jun 25, 2026
Source: NVD
CVE-2026-12053 HIGH - 8.6

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows.

Vendor: GitLab
Product: GitLab
Published: Jun 25, 2026
Source: NVD