Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 336
CVE-2025-3111
An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..
CVE-2025-2853
An issue has been discovered in GitLab CE/EE affecting all versions be ...
CVE-2025-2853
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.
CVE-2025-1110
An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.
CVE-2025-1110
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
CVE-2025-4979
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.
CVE-2025-2853
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.
CVE-2025-1110
An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.
CVE-2025-3111
An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..
BDU:2025-06006
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с распределением ресурсов без ограничений или регулирования, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2025-3111 An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service.. | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| CVE-2025-2853 An issue has been discovered in GitLab CE/EE affecting all versions be ... | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| CVE-2025-2853 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| CVE-2025-1110 An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query. | CVSS3: 2.7 | 0% Низкий | 9 месяцев назад |
| CVE-2025-1110 An issue has been discovered in GitLab CE/EE affecting all versions fr ... | CVSS3: 2.7 | 0% Низкий | 9 месяцев назад |
 | CVE-2025-4979 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response. | CVSS3: 4.9 | 0% Низкий | 9 месяцев назад |
| CVE-2025-2853 An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition. | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| CVE-2025-1110 An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query. | CVSS3: 2.7 | 0% Низкий | 9 месяцев назад |
| CVE-2025-3111 An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service.. | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
 | BDU:2025-06006 Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с распределением ресурсов без ограничений или регулирования, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу