Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,273
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 161 - 166 of 166 CVEs
CVE-2025-13781 MEDIUM - 6.5

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations.

Vendor: gitlab
Product: gitlab
Published: Jan 09, 2026
Source: NVD
CVE-2025-13772 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API reque...

Vendor: gitlab
Product: gitlab
Published: Jan 09, 2026
Source: NVD
CVE-2025-13761 CRITICAL - 9.6

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a special...

Vendor: gitlab
Product: gitlab
Published: Jan 09, 2026
Source: NVD
CVE-2025-11246 MEDIUM - 5.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner assoc...

Vendor: gitlab
Product: gitlab
Published: Jan 09, 2026
Source: NVD
CVE-2025-10569 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls.

Vendor: gitlab
Product: gitlab
Published: Jan 09, 2026
Source: NVD
CVE-2025-61916 HIGH - 7.9

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines via h...

Published: Jan 05, 2026
Source: NVD