GCVE - cpe:2.3:a:gitlab:gitlab:18.3.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:18.3.0:*:*:*:community:*:*:*

part: a version: 18.3.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.352433

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-5101`	vulnerable	2026-06-03 15:06:26.991514	Improper Control of Generation of Code ('Code Injection') in GitLab MEDIUM (5) An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker to distribute malicious code that appears harmless in the web interface by taking advantage of ambiguity between branches and tags during repository imports. Published: 2025-08-27T19:33:36.040Z Updated: 2025-08-27T19:53:36.682Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/545165 https://hackerone.com/reports/3124199	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-4225`	vulnerable	2026-06-03 15:01:46.983350	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (5.3) An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially crafted GraphQL requests. Published: 2025-08-27T19:33:45.928Z Updated: 2025-08-27T19:52:40.877Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/538983 https://hackerone.com/reports/3100624	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-3601`	vulnerable	2026-06-03 15:01:05.034445	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses. Published: 2025-08-27T19:33:50.920Z Updated: 2025-08-27T19:54:21.123Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/536034 https://hackerone.com/reports/3050155	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2246`	vulnerable	2026-06-03 15:00:25.017954	Missing Authorization in GitLab MEDIUM (5.8) An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual CI/CD variables by querying the GraphQL API. Published: 2025-08-27T19:34:00.919Z Updated: 2025-08-27T19:49:56.554Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/524592 https://hackerone.com/reports/3026559	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.