Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,283
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 41 - 60 of 166 CVEs
CVE-2026-6713 MEDIUM - 5.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks.

Vendor: gitlab
Product: gitlab
Published: May 27, 2026
Source: NVD
CVE-2026-5296 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow restrictions...

Vendor: gitlab
Product: gitlab
Published: May 27, 2026
Source: NVD
CVE-2026-4868 HIGH - 8.2

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to impro...

Vendor: gitlab
Product: gitlab
Published: May 27, 2026
Source: NVD
CVE-2026-2601 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to impr...

Vendor: gitlab
Product: gitlab
Published: May 27, 2026
Source: NVD
CVE-2026-1402 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to cause denial of service due to insufficient validation.

Vendor: gitlab
Product: gitlab
Published: May 27, 2026
Source: NVD
CVE-2026-3515 HIGH - 8.5

A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly into a `git clone` command string without proper san...

Published: May 24, 2026
Source: NVD
CVE-2026-3117 MEDIUM - 6.5

Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the {{gitlab instance {option}}} or the {{/gitlab webhook {option}}} c...

Published: May 18, 2026
Source: NVD
CVE-2026-8280 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to cause denial of service through excessive memory consumption due to improper input validation.

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-8144 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks.

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-7481 HIGH - 8.7

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-7471 LOW - 3.5

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with control of a virtual registry upstream to make requests to internal hosts due to improper validation.

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-7377 HIGH - 8.7

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers...

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-6883 LOW - 2.6

GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to bypass merge request approval requirements due to improper cleanup of orphaned policy records.

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-6335 MEDIUM - 5.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization.

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-6073 HIGH - 8.7

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to execute arbitrary JavaScript in other users' browsers due to improper input sanitization.

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-6063 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user with developer-role permissions to remove code owner approval rules from merge requests d...

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-4527 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link d...

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-4524 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to access confidential issue content in public projects without proper authorization due to improper authoriza...

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-3607 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to bypass package protection rules due to improper access control.

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD
CVE-2026-3160 MEDIUM - 5.8

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user to view Jira issues outside the configured project scope due to an integration filter functioning only as a disp...

Vendor: gitlab
Product: gitlab
Published: May 14, 2026
Source: NVD