Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,275
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 101 - 120 of 166 CVEs
CVE-2026-3857 HIGH - 8.1

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-2995 HIGH - 7.7

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-2973 MEDIUM - 5.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in...

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-2745 MEDIUM - 6.8

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent i...

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-2726 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-r...

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-1724 MEDIUM - 6.8

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of self-hosted AI models due to improper access control.

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2025-14595 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security config...

Vendor: GitLab
Product: GitLab
Published: Mar 25, 2026
Source: NVD
CVE-2025-13436 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs.

Vendor: GitLab
Product: GitLab
Published: Mar 25, 2026
Source: NVD
CVE-2025-13078 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration ...

Vendor: GitLab
Product: GitLab
Published: Mar 25, 2026
Source: NVD
CVE-2026-4363 LOW - 3.7

GitLab has remediated an issue in GitLab EE affecting all versions from 18.1 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user to gain unauthorized access to resources due to improper caching of authorization decisions.

Vendor: gitlab
Product: gitlab
Published: Mar 25, 2026
Source: NVD
CVE-2026-1182 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.

Vendor: gitlab
Product: gitlab
Published: Mar 12, 2026
Source: NVD
CVE-2025-12555 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD disable...

Vendor: GitLab
Product: GitLab
Published: Mar 11, 2026
Source: NVD
CVE-2026-3848 MEDIUM - 5.0

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to improper input valid...

Published: Mar 11, 2026
Source: NVD
CVE-2026-1732 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances.

Vendor: gitlab
Product: gitlab
Published: Mar 11, 2026
Source: NVD
CVE-2026-1663 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in the g...

Vendor: gitlab
Product: gitlab
Published: Mar 11, 2026
Source: NVD
CVE-2026-1230 MEDIUM - 4.1

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect validati...

Vendor: gitlab
Product: gitlab
Published: Mar 11, 2026
Source: NVD
CVE-2026-1090 HIGH - 8.7

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper saniti...

Vendor: gitlab
Product: gitlab
Published: Mar 11, 2026
Source: NVD
CVE-2026-1069 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances.

Vendor: gitlab
Product: gitlab
Published: Mar 11, 2026
Source: NVD
CVE-2026-0602 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in...

Vendor: gitlab
Product: gitlab
Published: Mar 11, 2026
Source: NVD
CVE-2025-14513 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON pa...

Vendor: GitLab
Product: GitLab
Published: Mar 11, 2026
Source: NVD