GitLab — Vulnerabilities & Security Advisories 1012

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2995 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab — GitLab | CWE-80 | 7.7 | High | 2026-03-25 |
| CVE-2026-3857 | Cross-Site Request Forgery (CSRF) in GitLab — GitLab | CWE-352 | 8.1 | High | 2026-03-25 |
| CVE-2026-3988 | Inefficient Algorithmic Complexity in GitLab — GitLab | CWE-407 | 7.5 | High | 2026-03-25 |
| CVE-2026-4363 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 3.7 | Low | 2026-03-25 |
| CVE-2026-1182 | Improper Removal of Sensitive Information Before Storage or Transfer in GitLab — GitLab | CWE-212 | 4.3 | Medium | 2026-03-12 |
| CVE-2025-12555 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 4.3 | Medium | 2026-03-11 |
| CVE-2025-12576 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2026-03-11 |
| CVE-2025-12697 | Improper Encoding or Escaping of Output in GitLab — GitLab | CWE-116 | 2.2 | Low | 2026-03-11 |
| CVE-2025-12704 | Missing Authorization in GitLab — GitLab | CWE-862 | 3.5 | Low | 2026-03-11 |
| CVE-2025-13690 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2026-03-11 |
| CVE-2025-13929 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 7.5 | High | 2026-03-11 |
| CVE-2025-14513 | Improper Validation of Specified Quantity in Input in GitLab — GitLab | CWE-1284 | 7.5 | High | 2026-03-11 |
| CVE-2026-0602 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab | CWE-288 | 4.3 | Medium | 2026-03-11 |
| CVE-2026-1069 | Uncontrolled Recursion in GitLab — GitLab | CWE-674 | 7.5 | High | 2026-03-11 |
| CVE-2026-1090 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2026-03-11 |
| CVE-2026-1230 | Use of Incorrectly-Resolved Name or Reference in GitLab — GitLab | CWE-706 | 4.1 | Medium | 2026-03-11 |
| CVE-2026-1663 | Missing Authorization in GitLab — GitLab | CWE-862 | 4.3 | Medium | 2026-03-11 |
| CVE-2026-1732 | Improper Removal of Sensitive Information Before Storage or Transfer in GitLab — GitLab | CWE-212 | 4.3 | Medium | 2026-03-11 |
| CVE-2026-3848 | Improper Neutralization of CRLF Sequences ('CRLF Injection') in GitLab — GitLab | CWE-93 | 5.0 | Medium | 2026-03-11 |
| CVE-2025-14511 | Improper Validation of Specified Quantity in Input in GitLab — GitLab | CWE-1284 | 7.5 | High | 2026-02-25 |
| CVE-2026-0752 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.0 | High | 2026-02-25 |
| CVE-2026-1388 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 7.5 | High | 2026-02-25 |
| CVE-2026-1662 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 7.5 | High | 2026-02-25 |
| CVE-2026-1747 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab | CWE-288 | 4.3 | Medium | 2026-02-25 |
| CVE-2026-1725 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 5.3 | Medium | 2026-02-25 |
| CVE-2026-2845 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2026-02-25 |
| CVE-2025-3525 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2026-02-25 |
| CVE-2025-14103 | Missing Authorization in GitLab — GitLab | CWE-862 | 4.3 | Medium | 2026-02-25 |
| CVE-2025-7659 | Origin Validation Error in GitLab — GitLab | CWE-346 | 8.0 | High | 2026-02-11 |
| CVE-2025-8099 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 7.5 | High | 2026-02-11 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.