Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,275
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 121 - 140 of 166 CVEs
CVE-2025-13929 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certain c...

Vendor: GitLab
Product: GitLab
Published: Mar 11, 2026
Source: NVD
CVE-2025-13690 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under certai...

Vendor: GitLab
Product: GitLab
Published: Mar 11, 2026
Source: NVD

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain condit...

Vendor: GitLab
Product: GitLab
Published: Mar 11, 2026
Source: NVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions.

Vendor: GitLab
Product: GitLab
Published: Mar 11, 2026
Source: NVD
CVE-2025-12576 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data.

Vendor: GitLab
Product: GitLab
Published: Mar 11, 2026
Source: NVD
CVE-2026-2845 MEDIUM - 6.5

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses.

Vendor: gitlab
Product: gitlab
Published: Feb 25, 2026
Source: NVD
CVE-2026-1747 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages.

Vendor: gitlab
Product: gitlab
Published: Feb 25, 2026
Source: NVD
CVE-2026-1725 MEDIUM - 5.3

GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint.

Vendor: gitlab
Product: gitlab
Published: Feb 25, 2026
Source: NVD
CVE-2026-1662 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint.

Vendor: gitlab
Product: gitlab
Published: Feb 25, 2026
Source: NVD
CVE-2026-1388 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint under ...

Vendor: gitlab
Product: gitlab
Published: Feb 25, 2026
Source: NVD
CVE-2026-0752 HIGH - 8.0

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox UI.

Vendor: gitlab
Product: gitlab
Published: Feb 25, 2026
Source: NVD
CVE-2025-14511 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certa...

Vendor: GitLab
Product: GitLab
Published: Feb 25, 2026
Source: NVD
CVE-2025-3525 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authenticated user with certain access to cause Denial of Service by creating specially crafted CI trigger...

Vendor: gitlab
Product: gitlab
Published: Feb 25, 2026
Source: NVD
CVE-2025-14103 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions.

Vendor: GitLab
Product: GitLab
Published: Feb 25, 2026
Source: NVD
CVE-2026-1458 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1456 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing i...

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1387 MEDIUM - 6.5

GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQl.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1282 LOW - 3.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1094 MEDIUM - 4.6

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1080 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoi...

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD