Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Tag: gitlab Clear
ID Title
CVE-2026-10712 Cross-Site Scripting (XSS) in gitlab (CVE-2026-10712)
cross-site scripting in gitlab (CVE-2026-10712). Confidential information can be exposed externally.
CVE-2026-0934 Authorization Flaw in gitlab (CVE-2026-0934)
vulnerability in gitlab (CVE-2026-0934). Risk of unauthorized operations or information disclosure.
CVE-2026-12053 Vulnerability in gitlab (CVE-2026-12053)
vulnerability in gitlab (CVE-2026-12053). Confidential information can be exposed externally.
CVE-2026-11379 Authorization Flaw in gitlab (CVE-2026-11379)
vulnerability in gitlab (CVE-2026-11379). Confidential information can be exposed externally.
CVE-2026-1606 Code Injection in gitlab (CVE-2026-1606)
code injection in gitlab (CVE-2026-1606). Risk of unauthorized operations or information disclosure.
CVE-2026-10086 Cross-Site Scripting (XSS) in gitlab (CVE-2026-10086)
cross-site scripting in gitlab (CVE-2026-10086). Confidential information can be exposed externally.
CVE-2026-5796 Authorization Flaw in gitlab (CVE-2026-5796)
vulnerability in gitlab (CVE-2026-5796). Risk of unauthorized operations or information disclosure.
CVE-2026-8330 Vulnerability in gitlab (CVE-2026-8330)
vulnerability in gitlab (CVE-2026-8330). Confidential information can be exposed externally.
CVE-2026-3176 Vulnerability in gitlab (CVE-2026-3176)
vulnerability in gitlab (CVE-2026-3176). Risk of unauthorized operations or information disclosure.
CVE-2026-2238 Vulnerability in gitlab (CVE-2026-2238)
vulnerability in gitlab (CVE-2026-2238). Risk of unauthorized operations or information disclosure.
CVE-2026-5952 Authorization Flaw in gitlab (CVE-2026-5952)
vulnerability in gitlab (CVE-2026-5952). Risk of unauthorized operations or information disclosure.
CVE-2026-9204 SSRF (Server-Side Request Forgery) in gitlab (CVE-2026-9204)
SSRF in gitlab (CVE-2026-9204). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
CVE-2026-7250 Vulnerability in gitlab (CVE-2026-7250)
vulnerability in gitlab (CVE-2026-7250). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
CVE-2026-6277 Authorization Flaw in gitlab (CVE-2026-6277)
vulnerability in gitlab (CVE-2026-6277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
CVE-2026-8589 Cross-Site Scripting (XSS) in gitlab (CVE-2026-8589)
cross-site scripting in gitlab (CVE-2026-8589). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
CVE-2026-6269 Authorization Flaw in gitlab (CVE-2026-6269)
vulnerability in gitlab (CVE-2026-6269). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
CVE-2026-3553 Authorization Flaw in gitlab (CVE-2026-3553)
vulnerability in gitlab (CVE-2026-3553). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
CVE-2026-10087 Cross-Site Scripting (XSS) in gitlab (CVE-2026-10087)
cross-site scripting in gitlab (CVE-2026-10087). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
CVE-2026-1500 Vulnerability in gitlab (CVE-2026-1500)
vulnerability in gitlab (CVE-2026-1500). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
CVE-2026-9807 Authorization Flaw in gitlab (CVE-2026-9807)
vulnerability in gitlab (CVE-2026-9807). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.1` or later.
CVE-2026-8716 Vulnerability in gitlab (CVE-2026-8716)
vulnerability in gitlab (CVE-2026-8716). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-6713 Authorization Flaw in gitlab (CVE-2026-6713)
vulnerability in gitlab (CVE-2026-6713). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-5296 Vulnerability in gitlab (CVE-2026-5296)
vulnerability in gitlab (CVE-2026-5296). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-2601 Vulnerability in gitlab (CVE-2026-2601)
vulnerability in gitlab (CVE-2026-2601). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-1402 Vulnerability in gitlab (CVE-2026-1402)
vulnerability in gitlab (CVE-2026-1402). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-7377 Cross-Site Scripting (XSS) in gitlab (CVE-2026-7377)
cross-site scripting in gitlab (CVE-2026-7377). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-8280 Vulnerability in gitlab (CVE-2026-8280)
vulnerability in gitlab (CVE-2026-8280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-6883 Vulnerability in gitlab (CVE-2026-6883)
vulnerability in gitlab (CVE-2026-6883). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-7471 SSRF (Server-Side Request Forgery) in gitlab (CVE-2026-7471)
SSRF in gitlab (CVE-2026-7471). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-8144 Vulnerability in gitlab (CVE-2026-8144)
vulnerability in gitlab (CVE-2026-8144). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-6335 Cross-Site Scripting (XSS) in gitlab (CVE-2026-6335)
cross-site scripting in gitlab (CVE-2026-6335). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.11.3` or later.
CVE-2026-7481 Cross-Site Scripting (XSS) in gitlab (CVE-2026-7481)
cross-site scripting in gitlab (CVE-2026-7481). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-6073 Cross-Site Scripting (XSS) in gitlab (CVE-2026-6073)
cross-site scripting in gitlab (CVE-2026-6073). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-3160 Vulnerability in gitlab (CVE-2026-3160)
vulnerability in gitlab (CVE-2026-3160). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-4524 Vulnerability in gitlab (CVE-2026-4524)
vulnerability in gitlab (CVE-2026-4524). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-1184 Unsafe Deserialization in gitlab (CVE-2026-1184)
vulnerability in gitlab (CVE-2026-1184). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-1659 Vulnerability in gitlab (CVE-2026-1659)
vulnerability in gitlab (CVE-2026-1659). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-4527 Cross-Site Request Forgery (CSRF) in gitlab (CVE-2026-4527)
vulnerability in gitlab (CVE-2026-4527). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-2900 Vulnerability in gitlab (CVE-2026-2900)
vulnerability in gitlab (CVE-2026-2900). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2025-14870 Vulnerability in gitlab (CVE-2025-14870)
vulnerability in gitlab (CVE-2025-14870). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2025-12669 Code Injection in gitlab (CVE-2025-12669)
code injection in gitlab (CVE-2025-12669). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2021-22175 KEV [KEV] SSRF (Server-Side Request Forgery) in gitlab (CVE-2021-22175)
SSRF in gitlab (CVE-2021-22175). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-39935 KEV [KEV] SSRF (Server-Side Request Forgery) in Gitlab community-and-enterprise-editions (CVE-2021-39935)
SSRF in Gitlab community-and-enterprise-editions (CVE-2021-39935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-9222 Cross-Site Scripting (XSS) in gitlab (CVE-2025-9222)
cross-site scripting in gitlab (CVE-2025-9222). Confidential information can be exposed externally.
CVE-2025-13761 Cross-Site Scripting (XSS) in c (CVE-2025-13761)
cross-site scripting in c (CVE-2025-13761). Confidential information can be exposed externally.
CVE-2025-13772 Vulnerability in gitlab (CVE-2025-13772)
vulnerability in gitlab (CVE-2025-13772). Confidential information can be exposed externally.
CVE-2023-7028 KEV [KEV] Vulnerability in gitlab (CVE-2023-7028)
vulnerability in gitlab (CVE-2023-7028). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-39913 Privilege Escalation in gitlab (CVE-2021-39913)
vulnerability in gitlab (CVE-2021-39913). Confidential information can be exposed externally.
CVE-2021-39904 Authorization Flaw in gitlab (CVE-2021-39904)
vulnerability in gitlab (CVE-2021-39904). Risk of unauthorized operations or information disclosure.
CVE-2021-22205 KEV [KEV] Vulnerability in Gitlab community-and-enterprise-editions (CVE-2021-22205)
vulnerability in Gitlab community-and-enterprise-editions (CVE-2021-22205). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →