Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 4 556
BDU:2025-06728
Уязвимость инструмента просмотра параметров контента программной платформы на базе git для совместной работы над кодом GitLab, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
BDU:2025-06611
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
GHSA-v9g5-36x8-7xmx
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.
GHSA-g93f-rhw4-8mj3
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.
GHSA-4x77-62h7-m5pj
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.
GHSA-crr3-cvh5-8wfr
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.
GHSA-r3m4-8xwf-9fpp
An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..
GHSA-jqqw-x8w5-v4hh
An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.
CVE-2025-0993
An issue has been discovered in GitLab CE/EE affecting all versions be ...
CVE-2025-0993
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-06728 Уязвимость инструмента просмотра параметров контента программной платформы на базе git для совместной работы над кодом GitLab, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS) | CVSS3: 8.7 | 0% Низкий | 8 дней назад |
| BDU:2025-06611 Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS) | CVSS3: 8.7 | 0% Низкий | 20 дней назад |
| GHSA-v9g5-36x8-7xmx An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements. | CVSS3: 4.6 | 0% Низкий | 27 дней назад |
| GHSA-g93f-rhw4-8mj3 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. | CVSS3: 7.5 | 0% Низкий | 27 дней назад |
| GHSA-4x77-62h7-m5pj An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured. | CVSS3: 4.3 | 0% Низкий | 27 дней назад |
| GHSA-crr3-cvh5-8wfr An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. | CVSS3: 6.5 | 0% Низкий | 27 дней назад |
| GHSA-r3m4-8xwf-9fpp An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service.. | CVSS3: 6.5 | 0% Низкий | 27 дней назад |
| GHSA-jqqw-x8w5-v4hh An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query. | CVSS3: 2.7 | 0% Низкий | 27 дней назад |
| CVE-2025-0993 An issue has been discovered in GitLab CE/EE affecting all versions be ... | CVSS3: 7.5 | 0% Низкий | 27 дней назад |
 | CVE-2025-0993 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. | CVSS3: 7.5 | 0% Низкий | 27 дней назад |
Уязвимостей на страницу