Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 336
BDU:2025-09558
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-06414
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
GHSA-q768-3m4h-qj2j
An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
GHSA-q656-cxxx-f8h7
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload.
GHSA-q8cg-g95p-qfr2
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
CVE-2025-1278
An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
CVE-2025-1278
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
CVE-2025-0549
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
CVE-2025-0549
An issue has been discovered in GitLab CE/EE affecting all versions st ...
CVE-2024-8973
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2025-09558 Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/ CE, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| BDU:2025-06414 Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 3.5 | 0% Низкий | 9 месяцев назад |
| GHSA-q768-3m4h-qj2j An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | CVSS3: 5.3 | 0% Низкий | 9 месяцев назад |
| GHSA-q656-cxxx-f8h7 An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload. | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
| GHSA-q8cg-g95p-qfr2 An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction. | CVSS3: 6.8 | 0% Низкий | 9 месяцев назад |
 | CVE-2025-1278 An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information. | CVSS3: 5.3 | 0% Низкий | 9 месяцев назад |
| CVE-2025-1278 An issue has been discovered in GitLab CE/EE affecting all versions fr ... | CVSS3: 5.3 | 0% Низкий | 9 месяцев назад |
| CVE-2025-0549 An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction. | CVSS3: 6.8 | 0% Низкий | 9 месяцев назад |
| CVE-2025-0549 An issue has been discovered in GitLab CE/EE affecting all versions st ... | CVSS3: 6.8 | 0% Низкий | 9 месяцев назад |
| CVE-2024-8973 An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload. | CVSS3: 6.5 | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу