Gitlab — веб-платформа для управления проектами и репозиториями программного кода, работа которой основана на популярной системе контроля версий Git.
Релизный цикл, информация об уязвимостях
График релизов
Количество 5 332
CVE-2025-8405
GitLab has remediated a security issue in GitLab CE/EE affecting all v ...
CVE-2025-8405
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays.
CVE-2025-4097
GitLab has remediated an issue in GitLab CE/EE affecting all versions ...
CVE-2025-4097
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted images.
CVE-2025-11984
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.
CVE-2025-11984
GitLab has remediated an issue in GitLab CE/EE affecting all versions ...
CVE-2025-11247
GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries.
CVE-2025-11247
GitLab has remediated an issue in GitLab EE affecting all versions fro ...
CVE-2025-8405
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays.
CVE-2025-11984
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2025-8405 GitLab has remediated a security issue in GitLab CE/EE affecting all v ... | CVSS3: 7.7 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-8405 GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays. | CVSS3: 7.7 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-4097 GitLab has remediated an issue in GitLab CE/EE affecting all versions ... | CVSS3: 6.5 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-4097 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to cause a denial of service condition by uploading specially crafted images. | CVSS3: 6.5 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-11984 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions. | CVSS3: 6.8 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-11984 GitLab has remediated an issue in GitLab CE/EE affecting all versions ... | CVSS3: 6.8 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-11247 GitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to disclose sensitive information from private projects by executing specifically crafted GraphQL queries. | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-11247 GitLab has remediated an issue in GitLab EE affecting all versions fro ... | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-8405 GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays. | CVSS3: 7.7 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-11984 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to bypass WebAuthn two-factor authentication by manipulating the session state under certain conditions. | CVSS3: 6.8 | 0% Низкий | около 2 месяцев назад |
Уязвимостей на страницу