GitLab is a web platform for managing projects and source code repositories, built on the popular Git version control system.
Release cycle, vulnerability information
Release schedule
Count: 5 237
Vulnerability | CVSS | EPSS | Published | |
|---|---|---|---|---|
GHSA-cf8f-2f35-r5wx GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses. | CVSS3: 3.1 | 0% Low | about 1 month ago | |
CVE-2025-12983 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to cause a denial of service condition by submitting specially crafted markdown content with nested formatting patterns. | CVSS3: 3.5 | 0% Low | about 1 month ago | |
CVE-2025-7736 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by authenticating through OAuth providers. | CVSS3: 3.1 | 0% Low | about 1 month ago | |
CVE-2025-7000 An issue has been discovered in GitLab CE/EE affecting all versions from 17.6 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that, under specific conditions, could have allowed unauthorized users to view confidential branch names by accessing project issues with related merge requests. | CVSS3: 4.3 | 0% Low | about 1 month ago | |
CVE-2025-6945 GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments. | CVSS3: 3.5 | 0% Low | about 1 month ago | |