Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,273
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 141 - 160 of 166 CVEs
CVE-2026-0958 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2026-0595 HIGH - 7.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test case...

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2025-8099 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD
CVE-2025-7659 HIGH - 8.0

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.

Vendor: gitlab
Product: gitlab
Published: Feb 11, 2026
Source: NVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API.

Vendor: GitLab
Product: GitLab
Published: Feb 11, 2026
Source: NVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API en...

Vendor: GitLab
Product: GitLab
Published: Feb 11, 2026
Source: NVD
CVE-2025-14560 HIGH - 7.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content i...

Vendor: GitLab
Product: GitLab
Published: Feb 11, 2026
Source: NVD
CVE-2025-12575 MEDIUM - 5.4

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through t...

Vendor: GitLab
Product: GitLab
Published: Feb 11, 2026
Source: NVD
CVE-2025-12073 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections...

Vendor: GitLab
Product: GitLab
Published: Feb 11, 2026
Source: NVD
CVE-2026-1868 CRITICAL - 9.9

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted Duo ...

Published: Feb 09, 2026
Source: NVD
CVE-2026-1751 LOW - 3.1

A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions.

Vendor: gitlab
Product: gitlab
Published: Feb 02, 2026
Source: NVD
CVE-2026-1102 MEDIUM - 5.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests.

Vendor: gitlab
Product: gitlab
Published: Jan 22, 2026
Source: NVD
CVE-2026-0723 HIGH - 7.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device res...

Vendor: gitlab
Product: gitlab
Published: Jan 22, 2026
Source: NVD
CVE-2025-13928 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.

Vendor: GitLab
Product: GitLab
Published: Jan 22, 2026
Source: NVD
CVE-2025-13927 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data.

Vendor: GitLab
Product: GitLab
Published: Jan 22, 2026
Source: NVD
CVE-2025-13335 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that byp...

Vendor: GitLab
Product: GitLab
Published: Jan 22, 2026
Source: NVD
CVE-2025-11224 MEDIUM - 5.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.

Vendor: gitlab
Product: gitlab
Published: Jan 14, 2026
Source: NVD
CVE-2026-0830 HIGH - 7.8

Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.

Published: Jan 09, 2026
Source: NVD
CVE-2025-9222 MEDIUM - 5.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.

Vendor: gitlab
Product: gitlab
Published: Jan 09, 2026
Source: NVD
CVE-2025-3950 LOW - 3.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection.

Vendor: gitlab
Product: gitlab
Published: Jan 09, 2026
Source: NVD