cpe:2.3:a:gitlab:gitlab:18.7.0:*:*:*:community:*:*:*

part: a version: 18.7.0 update: *

Vendor: Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90)
Product: Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb)
Edition: *
Language: *
Software edition: community
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:gitlab/gitlab-org/gitlab
Source: purl2cpe
Last updated: 2026-06-01 10:14:46.352504

Vulnerability references

Identifier: CVE:CVE-2025-9222
cpeApplicability: vulnerable
Submitted: 2026-06-03 15:13:45.722531
db.gcve.eu details: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (8.7)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.
Published: 2026-01-09T10:04:36.272Z
Updated: 2026-02-26T15:04:51.985Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-13761
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:58:53.601244
db.gcve.eu details: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (8)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage.
Published: 2026-01-09T10:04:01.331Z
Updated: 2026-02-26T15:04:52.291Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-11246
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:58:35.797729
db.gcve.eu details: Insufficient Granularity of Access Control in GitLab
MEDIUM (5.4)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations.
Published: 2026-01-09T10:04:21.283Z
Updated: 2026-01-09T19:13:17.900Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2025-10569
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:58:34.340988
db.gcve.eu details: Allocation of Resources Without Limits or Throttling in GitLab
MEDIUM (6.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls.
Published: 2026-01-09T10:04:26.275Z
Updated: 2026-01-09T19:12:12.768Z
Rationale: Imported from gcve-enriched-dumps CVE data
