cpe:2.3:a:gitlab:gitlab:18.1.0:*:*:*:enterprise:*:*:*

part: a version: 18.1.0 update: *

Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: enterprise
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:gitlab/gitlab-org/gitlab | purl2cpe | 2026-06-01 10:14:46.352387

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-5846 vulnerable 2026-06-03 15:07:54.828235 Missing Authorization in GitLab
LOW (2.7)
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks.
Published: 2025-06-26T05:31:05.956Z
Updated: 2025-06-26T13:22:59.788Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-5315 vulnerable 2026-06-03 15:06:27.514828 Missing Authorization in GitLab
MEDIUM (4.3)
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.
Published: 2025-06-26T05:31:15.850Z
Updated: 2025-06-26T13:22:43.572Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-3279 vulnerable 2026-06-03 15:01:04.140649 Allocation of Resources Without Limits or Throttling in GitLab
MEDIUM (6.5)
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests.
Published: 2025-06-26T05:31:25.858Z
Updated: 2025-06-26T13:22:27.886Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-2938 vulnerable 2026-06-03 15:00:26.889939 Business Logic Errors in GitLab
LOW (3.1)
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants.
Published: 2025-06-26T05:31:30.851Z
Updated: 2026-02-26T17:50:22.974Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-1754 vulnerable 2026-06-03 14:59:06.360148 Missing Authentication for Critical Function in GitLab
MEDIUM (5.3)
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage.
Published: 2025-06-26T05:31:40.856Z
Updated: 2025-06-26T13:19:41.870Z
Imported from gcve-enriched-dumps CVE data
