Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 336
CVE-2025-9222
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.
CVE-2025-3950
GitLab has remediated an issue in GitLab CE/EE affecting all versions ...
CVE-2025-3950
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection.
CVE-2025-13781
GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations.
CVE-2025-13781
GitLab has remediated an issue in GitLab EE affecting all versions fro ...
CVE-2025-13772
GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.
CVE-2025-13772
GitLab has remediated an issue in GitLab EE affecting all versions fro ...
CVE-2025-13761
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage.
CVE-2025-13761
GitLab has remediated an issue in GitLab CE/EE affecting all versions ...
CVE-2025-11246
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2025-9222 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. | CVSS3: 8.7 | 0% Низкий | около 1 месяца назад |
| CVE-2025-3950 GitLab has remediated an issue in GitLab CE/EE affecting all versions ... | CVSS3: 3.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-3950 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection. | CVSS3: 3.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-13781 GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-13781 GitLab has remediated an issue in GitLab EE affecting all versions fro ... | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-13772 GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests. | CVSS3: 7.1 | 0% Низкий | около 1 месяца назад |
| CVE-2025-13772 GitLab has remediated an issue in GitLab EE affecting all versions fro ... | CVSS3: 7.1 | 0% Низкий | около 1 месяца назад |
| CVE-2025-13761 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user's browser by convincing the legitimate user to visit a specially crafted webpage. | CVSS3: 8 | 0% Низкий | около 1 месяца назад |
| CVE-2025-13761 GitLab has remediated an issue in GitLab CE/EE affecting all versions ... | CVSS3: 8 | 0% Низкий | около 1 месяца назад |
| CVE-2025-11246 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations. | CVSS3: 5.4 | 0% Низкий | около 1 месяца назад |
Уязвимостей на страницу