GitLab 18.9.0 Community Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:18.9.0:*:*:*:community:*:*:*
part: a version: 18.9.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.352549 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-2845 |
vulnerable | 2026-06-03 15:19:25.108599 |
Allocation of Resources Without Limits or Throttling in GitLab
MEDIUM (6.5)
An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses.
Published: 2026-02-25T20:04:35.210Z
Updated: 2026-02-26T15:45:14.406Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1747 |
vulnerable | 2026-06-03 15:14:45.254533 |
Authentication Bypass Using an Alternate Path or Channel in GitLab
MEDIUM (4.3)
GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages.
Published: 2026-02-25T20:04:49.893Z
Updated: 2026-02-26T15:39:03.951Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1725 |
vulnerable | 2026-06-03 15:14:45.202852 |
Allocation of Resources Without Limits or Throttling in GitLab
MEDIUM (5.3)
GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint.
Published: 2026-02-25T20:04:44.830Z
Updated: 2026-02-26T15:42:29.688Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1662 |
vulnerable | 2026-06-03 15:14:44.892024 |
Allocation of Resources Without Limits or Throttling in GitLab
HIGH (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint.
Published: 2026-02-25T20:04:59.913Z
Updated: 2026-02-26T15:10:46.924Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1388 |
vulnerable | 2026-06-03 15:14:44.288219 |
Inefficient Regular Expression Complexity in GitLab
HIGH (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint under certain conditions.
Published: 2026-02-25T20:05:05.289Z
Updated: 2026-02-26T15:07:56.004Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-0752 |
vulnerable | 2026-06-03 15:14:42.787323 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
HIGH (8)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox UI.
Published: 2026-02-25T20:05:19.818Z
Updated: 2026-02-26T14:44:05.136Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3525 |
vulnerable | 2026-06-03 15:01:04.795622 |
Allocation of Resources Without Limits or Throttling in GitLab
MEDIUM (6.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authenticated user with certain access to cause Denial of Service by creating specially crafted CI triggers via the API.
Published: 2026-02-25T19:33:56.609Z
Updated: 2026-02-25T20:51:14.590Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-14511 |
vulnerable | 2026-06-03 14:58:55.462864 |
Improper Validation of Specified Quantity in Input in GitLab
HIGH (7.5)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions.
Published: 2026-02-25T20:05:24.799Z
Updated: 2026-02-26T15:57:25.416Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-14103 |
vulnerable | 2026-06-03 14:58:54.528266 |
Missing Authorization in GitLab
MEDIUM (4.3)
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions.
Published: 2026-02-25T19:33:35.698Z
Updated: 2026-02-25T20:52:22.958Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.