cpe:2.3:a:gitlab:gitlab:18.5.0:*:*:*:enterprise:*:*:*

part: a version: 18.5.0 update: *

Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: enterprise
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:gitlab/gitlab-org/gitlab | purl2cpe | 2026-06-01 10:14:46.352470

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2025-6601 vulnerable 2026-06-03 15:12:28.285406 Business Logic Errors in GitLab
LOW (2.7)
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow.
Published: 2025-10-27T00:06:04.304Z
Updated: 2025-11-24T07:26:31.684Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11989 vulnerable 2026-06-03 14:58:43.596432 Missing Authorization in GitLab
LOW (3.7)
GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions.
Published: 2025-10-26T23:33:50.230Z
Updated: 2025-10-28T14:44:46.810Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11974 vulnerable 2026-06-03 14:58:43.579057 Allocation of Resources Without Limits or Throttling in GitLab
MEDIUM (6.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints.
Published: 2025-10-27T00:05:24.332Z
Updated: 2025-10-28T14:59:56.029Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11971 vulnerable 2026-06-03 14:58:43.573960 Incorrect Authorization in GitLab
MEDIUM (6.5)
GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits.
Published: 2025-10-27T00:05:34.305Z
Updated: 2025-10-28T15:00:45.588Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11702 vulnerable 2026-06-03 14:58:42.926335 Missing Authorization in GitLab
HIGH (8.5)
GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.
Published: 2025-10-29T07:04:52.286Z
Updated: 2026-02-26T16:57:01.903Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-11447 vulnerable 2026-06-03 14:58:36.072146 Allocation of Resources Without Limits or Throttling in GitLab
HIGH (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads.
Published: 2025-10-27T00:05:19.810Z
Updated: 2025-10-28T14:58:37.798Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-10497 vulnerable 2026-06-03 14:58:34.243600 Allocation of Resources Without Limits or Throttling in GitLab
HIGH (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads.
Published: 2025-10-27T00:05:39.306Z
Updated: 2025-10-28T15:02:48.809Z
Imported from gcve-enriched-dumps CVE data
