Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,280
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 81 - 100 of 166 CVEs
CVE-2026-3254 LOW - 3.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox.

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2026-1660 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to cause denial of service when importing issues due to improper input validation.

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2025-9957 LOW - 2.7

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to improper...

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2025-6016 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service due to insufficient resource allocation limits when retrieving notes under certain con...

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2025-3922 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service by overwhelming system resources under certain conditions due to insufficient resourc...

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2025-0186 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an authenticated user to cause denial of service under certain conditions by exhausting server resources by making crafted requests to...

Vendor: gitlab
Product: gitlab
Published: Apr 22, 2026
Source: NVD
CVE-2026-40161 HIGH - 7.7

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or Pi...

Vendor: tektoncd
Product: pipeline
Published: Apr 21, 2026
Source: NVD
CVE-2026-5173 HIGH - 8.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.

Published: Apr 08, 2026
Source: NVD
CVE-2026-4916 LOW - 2.7

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization che...

Published: Apr 08, 2026
Source: NVD
CVE-2026-4332 MEDIUM - 5.4

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

Published: Apr 08, 2026
Source: NVD
CVE-2026-2619 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to inco...

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-2104 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-1752 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the ...

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-1516 MEDIUM - 5.7

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-1101 MEDIUM - 6.5

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-1092 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2025-9484 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2025-12664 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

Vendor: GitLab
Product: GitLab
Published: Apr 08, 2026
Source: NVD
CVE-2026-2370 HIGH - 8.1

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and imp...

Vendor: gitlab
Product: gitlab
Published: Mar 30, 2026
Source: NVD
CVE-2026-3988 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in Grap...

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD