GitLab is a web platform for managing projects and source code repositories, built on the popular Git version control system.
Release cycle, vulnerability information
Release schedule
Count: 5 102
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-mqc7-7g5h-6j4r: An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests. | CVSS3: 3.5 | 0% Low | about 1 month ago |
| GHSA-g349-hgx7-9cj9: An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files. | CVSS3: 7.5 | 0% Low | about 1 month ago |
| CVE-2025-9958: An issue has been discovered in GitLab CE/EE affecting all versions fr ... | CVSS3: 6.5 | 0% Low | about 1 month ago |
| CVE-2025-9958: An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users to access sensitive information stored in virtual registry configurations. | CVSS3: 6.5 | 0% Low | about 1 month ago |
| CVE-2025-9642: An issue has been discovered in GitLab CE/EE affecting all versions fr ... | CVSS3: 8.7 | 0% Low | about 1 month ago |
| CVE-2025-9642: An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover. | CVSS3: 8.7 | 0% Low | about 1 month ago |
| CVE-2025-7691: A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access to additional system capabilities. | CVSS3: 6.5 | 0% Low | about 1 month ago |
| CVE-2025-7691: A privilege escalation issue has been discovered in GitLab EE affectin ... | CVSS3: 6.5 | 0% Low | about 1 month ago |
| CVE-2025-10871: An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves elevated privileges. | CVSS3: 3.8 | 0% Low | about 1 month ago |
| CVE-2025-10871: An issue has been discovered in GitLab EE affecting all versions from ... | CVSS3: 3.8 | 0% Low | about 1 month ago |