GCVE - cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:community:*:*:*

part: a version: 18.0.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.352353

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-5195`	vulnerable	2026-06-03 15:06:27.222141	Authorization Bypass Through User-Controlled Key in GitLab MEDIUM (4.3) An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure. Published: 2025-06-12T10:31:00.372Z Updated: 2025-06-12T13:25:45.847Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/534960	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-4979`	vulnerable	2026-06-03 15:01:49.118140	Insufficient Granularity of Access Control in GitLab MEDIUM (4.9) An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. Published: 2025-05-22T13:30:28.496Z Updated: 2025-05-22T14:21:32.253Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/524455	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-3111`	vulnerable	2026-06-03 15:01:03.677391	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service.. Published: 2025-05-22T13:30:43.544Z Updated: 2025-05-22T14:51:11.125Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/533313 https://hackerone.com/reports/3045424	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2853`	vulnerable	2026-06-03 15:00:26.677907	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. Published: 2025-05-22T13:30:48.335Z Updated: 2025-05-22T14:50:36.079Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/527218 https://hackerone.com/reports/3015673	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1478`	vulnerable	2026-06-03 14:59:05.562366	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service. Published: 2025-06-12T10:02:49.998Z Updated: 2025-06-12T13:30:42.186Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/520354 https://hackerone.com/reports/2987444	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1110`	vulnerable	2026-06-03 14:58:57.831289	Insufficient Granularity of Access Control in GitLab LOW (2.7) An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query. Published: 2025-05-22T14:02:31.385Z Updated: 2025-05-22T14:17:44.379Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/517693 https://hackerone.com/reports/2972576	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0993`	vulnerable	2026-06-03 14:58:33.374715	Allocation of Resources Without Limits or Throttling in GitLab HIGH (7.5) An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. Published: 2025-05-22T14:31:34.239Z Updated: 2025-05-22T14:46:54.356Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/516927 https://hackerone.com/reports/2967771	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0679`	vulnerable	2026-06-03 14:58:32.646986	Exposure of Private Personal Information to an Unauthorized Actor in GitLab MEDIUM (4.3) An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. Published: 2025-05-22T14:31:44.104Z Updated: 2025-05-22T14:46:00.223Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/514751 https://hackerone.com/reports/2952536	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0605`	vulnerable	2026-06-03 14:58:32.484726	Weak Authentication in GitLab MEDIUM (4.6) An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements. Published: 2025-05-22T14:31:54.105Z Updated: 2025-05-22T14:45:03.172Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/514204 https://hackerone.com/reports/2919391	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9163`	vulnerable	2026-06-03 14:58:20.655948	User Interface (UI) Misrepresentation of Critical Information in GitLab LOW (3.5) A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs. Published: 2025-05-23T12:31:11.192Z Updated: 2025-05-27T14:40:36.623Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/493942 https://hackerone.com/reports/2705566	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-7803`	vulnerable	2026-06-03 14:58:07.200235	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS. Published: 2025-05-23T12:31:21.008Z Updated: 2025-05-27T14:40:07.374Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/479168 https://hackerone.com/reports/2648631	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12093`	vulnerable	2026-06-03 14:54:15.619593	Improper Validation of Consistency within Input in GitLab MEDIUM (6.8) An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions. Published: 2025-05-22T14:32:04.147Z Updated: 2025-05-22T14:44:03.881Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/507445 https://hackerone.com/reports/2851261	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.