GCVE - cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:community:*:*:*

part: a version: 18.10.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.352372

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-3988`	vulnerable	2026-06-03 15:23:33.844217	Inefficient Algorithmic Complexity in GitLab HIGH (7.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in GraphQL request processing. Published: 2026-03-25T16:33:43.952Z Updated: 2026-03-25T17:21:53.191Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/work_items/593140 https://hackerone.com/reports/3597342 https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3857`	vulnerable	2026-06-03 15:23:33.630511	Cross-Site Request Forgery (CSRF) in GitLab HIGH (8.1) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection. Published: 2026-03-25T16:33:53.854Z Updated: 2026-03-26T13:20:03.781Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/work_items/592828 https://hackerone.com/reports/3584382 https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-2973`	vulnerable	2026-06-03 15:19:25.515764	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab MEDIUM (5.4) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to execute arbitrary JavaScript in a user's browser due to improper sanitization of entity-encoded content in Mermaid diagrams. Published: 2026-03-25T16:34:03.852Z Updated: 2026-03-26T17:24:32.440Z Open on db.gcve.eu Reference links https://hackerone.com/reports/3566802 https://gitlab.com/gitlab-org/gitlab/-/work_items/591049 https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-2745`	vulnerable	2026-06-03 15:19:24.908708	Authentication Bypass Using an Alternate Path or Channel in GitLab MEDIUM (6.8) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsistent input validation in the authentication process. Published: 2026-03-25T16:34:18.860Z Updated: 2026-03-26T03:55:31.559Z Open on db.gcve.eu Reference links https://hackerone.com/reports/3557844 https://gitlab.com/gitlab-org/gitlab/-/work_items/590810 https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-2726`	vulnerable	2026-06-03 15:19:24.868811	Incorrect Authorization in GitLab MEDIUM (4.3) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to perform unauthorized actions on merge requests in other projects due to improper access control during cross-repository operations. Published: 2026-03-25T16:34:13.838Z Updated: 2026-03-25T17:14:34.612Z Open on db.gcve.eu Reference links https://hackerone.com/reports/3543886 https://gitlab.com/gitlab-org/gitlab/-/work_items/590717 https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-2370`	vulnerable	2026-06-03 15:19:24.124324	Improper Handling of Parameters in GitLab HIGH (8.1) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and impersonate the GitLab app due to improper authorization checks. Published: 2026-03-29T23:33:44.410Z Updated: 2026-03-30T15:02:06.576Z Open on db.gcve.eu Reference links https://hackerone.com/reports/3522829 https://gitlab.com/gitlab-org/gitlab/-/work_items/589635 https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-14595`	vulnerable	2026-06-03 14:58:55.646534	Missing Authorization in GitLab MEDIUM (4.3) GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that under certain conditions could have allowed an authenticated user with Planner role to view security category metadata and attributes in group security configuration due to improper access control Published: 2026-03-25T16:34:43.856Z Updated: 2026-03-27T14:58:40.717Z Open on db.gcve.eu Reference links https://hackerone.com/reports/3457779 https://gitlab.com/gitlab-org/gitlab/-/work_items/583971 https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13436`	vulnerable	2026-06-03 14:58:46.064928	Allocation of Resources Without Limits or Throttling in GitLab MEDIUM (6.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs. Published: 2026-03-25T16:34:53.851Z Updated: 2026-03-25T17:03:54.631Z Open on db.gcve.eu Reference links https://hackerone.com/reports/3418149 https://gitlab.com/gitlab-org/gitlab/-/work_items/581372 https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13078`	vulnerable	2026-06-03 14:58:45.486251	Improper Validation of Specified Quantity in Input in GitLab MEDIUM (6.5) GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs. Published: 2026-03-25T16:35:03.858Z Updated: 2026-03-25T17:02:57.718Z Open on db.gcve.eu Reference links https://hackerone.com/reports/3413704 https://gitlab.com/gitlab-org/gitlab/-/work_items/580488 https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.