GCVE - cpe:2.3:a:gitlab:gitlab:18.6.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:18.6.0:*:*:*:community:*:*:*

part: a version: 18.6.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.352485

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-7449`	vulnerable	2026-06-03 15:12:31.287779	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through HTTP response processing. Published: 2025-11-26T19:46:32.641Z Updated: 2025-12-10T23:01:24.555Z Open on db.gcve.eu Reference links https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/554938 https://hackerone.com/reports/3215054	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13611`	vulnerable	2026-06-03 14:58:46.578038	Insertion of Sensitive Information into Log File in GitLab LOW (2) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.5.5 and 18.6 before 18.6.3 that could have allowed an authenticated user with access to certain logs to obtain sensitive tokens under specific conditions. Published: 2025-11-26T19:45:57.778Z Updated: 2026-03-31T11:46:48.585Z Open on db.gcve.eu Reference links https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/545947	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-12653`	vulnerable	2026-06-03 14:58:44.676525	Authentication Bypass by Spoofing in GitLab MEDIUM (6.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that under specific conditions could have allowed an unauthenticated user to join arbitrary organizations by changing headers on some requests. Published: 2025-11-26T19:46:12.641Z Updated: 2025-12-10T23:01:24.241Z Open on db.gcve.eu Reference links https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/579372 https://hackerone.com/reports/3370245	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-12571`	vulnerable	2026-06-03 14:58:44.546739	Allocation of Resources Without Limits or Throttling in GitLab HIGH (7.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an unauthenticated user to cause a Denial of Service condition by sending specifically crafted requests containing malicious JSON payloads. Published: 2025-11-26T19:46:17.647Z Updated: 2025-12-10T23:01:24.090Z Open on db.gcve.eu Reference links https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/579168 https://hackerone.com/reports/3362239	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.