GCVE - cpe:2.3:a:gitlab:gitlab:18.7.0:*:*:*:enterprise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:18.7.0:*:*:*:enterprise:*:*:*

part: a version: 18.7.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	enterprise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.352505

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-9222`	vulnerable	2026-06-03 15:13:45.723379	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab HIGH (8.7) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. Published: 2026-01-09T10:04:36.272Z Updated: 2026-02-26T15:04:51.985Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/562561 https://hackerone.com/reports/3297483 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13781`	vulnerable	2026-06-03 14:58:53.654656	Missing Authorization in GitLab MEDIUM (6.5) GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. Published: 2026-01-09T10:03:51.554Z Updated: 2026-01-09T19:14:05.513Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/578756 https://hackerone.com/reports/3400940 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13772`	vulnerable	2026-06-03 14:58:53.617875	Missing Authorization in GitLab HIGH (7.1) GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests. Published: 2026-01-09T10:04:06.293Z Updated: 2026-01-09T19:13:28.846Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/581268 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13761`	vulnerable	2026-06-03 14:58:53.601977	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab HIGH (8) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage. Published: 2026-01-09T10:04:01.331Z Updated: 2026-02-26T15:04:52.291Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/582237 https://hackerone.com/reports/3441368 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-11246`	vulnerable	2026-06-03 14:58:35.797829	Insufficient Granularity of Access Control in GitLab MEDIUM (5.4) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations. Published: 2026-01-09T10:04:21.283Z Updated: 2026-01-09T19:13:17.900Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/573728 https://hackerone.com/reports/3292475 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-10569`	vulnerable	2026-06-03 14:58:34.341732	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls. Published: 2026-01-09T10:04:26.275Z Updated: 2026-01-09T19:12:12.768Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/570528 https://hackerone.com/reports/3284689 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.