GitLab 18.4.0 Enterprise Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:18.4.0:*:*:*:enterprise:*:*:*
part: a version: 18.4.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | enterprise |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.352450 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-9958 |
vulnerable | 2026-06-03 15:14:40.216359 |
Insertion of Sensitive Information Into Sent Data in GitLab
HIGH (7.7)
An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations.
Published: 2025-09-26T09:04:41.537Z
Updated: 2025-11-06T17:30:27.285Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-9642 |
vulnerable | 2026-06-03 15:13:46.947484 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (8.7)
An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover.
Published: 2025-09-26T09:04:51.532Z
Updated: 2025-09-26T13:15:17.950Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-8014 |
vulnerable | 2026-06-03 15:13:42.031095 |
Allocation of Resources Without Limits or Throttling in GitLab
HIGH (7.5)
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption.
Published: 2025-09-27T16:33:32.601Z
Updated: 2025-09-30T17:27:13.696Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-7691 |
vulnerable | 2026-06-03 15:13:41.126784 |
Privilege Defined With Unsafe Actions in GitLab
MEDIUM (6.5)
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities.
Published: 2025-09-26T09:05:06.532Z
Updated: 2026-02-26T17:47:53.973Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5069 |
vulnerable | 2026-06-03 15:06:26.924796 |
Incorrect Ownership Assignment in GitLab
LOW (3.5)
An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to gain unauthorized access to confidential issues by creating a project with an identical name to the victim's project.
Published: 2025-09-26T09:11:09.636Z
Updated: 2025-09-26T13:12:27.389Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11042 |
vulnerable | 2026-06-03 14:58:35.293093 |
Allocation of Resources Without Limits or Throttling in GitLab
MEDIUM (4.3)
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while using specific GraphQL queries.
Published: 2025-09-26T09:18:31.712Z
Updated: 2025-09-26T13:10:33.841Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10871 |
vulnerable | 2026-06-03 14:58:34.934971 |
Missing Authorization in GitLab
LOW (3.8)
An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges.
Published: 2025-09-26T09:04:21.687Z
Updated: 2026-02-26T17:47:54.446Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10868 |
vulnerable | 2026-06-03 14:58:34.927965 |
Business Logic Errors in GitLab
LOW (3.5)
An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs.
Published: 2025-09-26T09:10:49.812Z
Updated: 2025-09-26T13:13:02.624Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10867 |
vulnerable | 2026-06-03 14:58:34.927372 |
Allocation of Resources Without Limits or Throttling in GitLab
LOW (3.5)
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests.
Published: 2025-09-26T09:04:26.530Z
Updated: 2025-09-26T15:33:34.488Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10858 |
vulnerable | 2026-06-03 14:58:34.922556 |
Allocation of Resources Without Limits or Throttling in GitLab
HIGH (7.5)
An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files.
Published: 2025-09-26T09:04:31.555Z
Updated: 2025-09-26T15:32:55.310Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.