GCVE - cpe:2.3:a:gitlab:gitlab:18.5.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:18.5.0:*:*:*:community:*:*:*

part: a version: 18.5.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.352468

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-11974`	vulnerable	2026-06-03 14:58:43.579015	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints. Published: 2025-10-27T00:05:24.332Z Updated: 2025-10-28T14:59:56.029Z Open on db.gcve.eu Reference links https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/571761	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-11447`	vulnerable	2026-06-03 14:58:36.072126	Allocation of Resources Without Limits or Throttling in GitLab HIGH (7.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads. Published: 2025-10-27T00:05:19.810Z Updated: 2025-10-28T14:58:37.798Z Open on db.gcve.eu Reference links https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/574858 https://hackerone.com/reports/3367019	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-10497`	vulnerable	2026-06-03 14:58:34.242930	Allocation of Resources Without Limits or Throttling in GitLab HIGH (7.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads. Published: 2025-10-27T00:05:39.306Z Updated: 2025-10-28T15:02:48.809Z Open on db.gcve.eu Reference links https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/570336 https://hackerone.com/reports/3338151	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.