GCVE - cpe:2.3:a:gitlab:gitlab:18.1.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:18.1.0:*:*:*:community:*:*:*

part: a version: 18.1.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.352386

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-5315`	vulnerable	2026-06-03 15:06:27.514030	Missing Authorization in GitLab MEDIUM (4.3) An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions. Published: 2025-06-26T05:31:15.850Z Updated: 2025-06-26T13:22:43.572Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/546282 https://hackerone.com/reports/3163037	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-3279`	vulnerable	2026-06-03 15:01:04.139767	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests. Published: 2025-06-26T05:31:25.858Z Updated: 2025-06-26T13:22:27.886Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/534424 https://hackerone.com/reports/3067111	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2938`	vulnerable	2026-06-03 15:00:26.889142	Business Logic Errors in GitLab LOW (3.1) An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants. Published: 2025-06-26T05:31:30.851Z Updated: 2026-02-26T17:50:22.974Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/529006 https://hackerone.com/reports/3063091	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1754`	vulnerable	2026-06-03 14:59:06.359237	Missing Authentication for Critical Function in GitLab MEDIUM (5.3) An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage. Published: 2025-06-26T05:31:40.856Z Updated: 2025-06-26T13:19:41.870Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/521619 https://hackerone.com/reports/3009067	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.