GitLab — Vulnerabilities & Security Advisories 1012

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-12073 | Server-Side Request Forgery (SSRF) in GitLab — GitLab | CWE-918 | 4.3 | Medium | 2026-02-11 |
| CVE-2025-12575 | Server-Side Request Forgery (SSRF) in GitLab — GitLab | CWE-918 | 5.4 | Medium | 2026-02-11 |
| CVE-2025-14560 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 7.3 | High | 2026-02-11 |
| CVE-2025-14594 | Authorization Bypass Through User-Controlled Key in GitLab — GitLab | CWE-639 | 3.5 | Low | 2026-02-11 |
| CVE-2025-14592 | Missing Authorization in GitLab — GitLab | CWE-862 | 3.7 | Low | 2026-02-11 |
| CVE-2026-0595 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 7.3 | High | 2026-02-11 |
| CVE-2026-0958 | Interpretation Conflict in GitLab — GitLab | CWE-436 | 7.5 | High | 2026-02-11 |
| CVE-2026-1080 | Authorization Bypass Through User-Controlled Key in GitLab — GitLab | CWE-639 | 4.3 | Medium | 2026-02-11 |
| CVE-2026-1094 | Improper Validation of Unsafe Equivalence in Input in GitLab — GitLab | CWE-1289 | 4.6 | Medium | 2026-02-11 |
| CVE-2026-1282 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab — GitLab | CWE-80 | 3.5 | Low | 2026-02-11 |
| CVE-2026-1387 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2026-02-11 |
| CVE-2026-1456 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2026-02-11 |
| CVE-2026-1458 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2026-02-11 |
| CVE-2026-1868 | Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway — GitLab AI Gateway | CWE-1336 | 9.9 | Critical | 2026-02-09 |
| CVE-2026-1751 | Missing Authorization in GitLab — GitLab | CWE-862 | 3.1 | Low | 2026-02-02 |
| CVE-2025-13928 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 7.5 | High | 2026-01-22 |
| CVE-2025-13927 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 7.5 | High | 2026-01-22 |
| CVE-2026-0723 | Unchecked Return Value in GitLab — GitLab | CWE-252 | 7.4 | High | 2026-01-22 |
| CVE-2026-1102 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 5.3 | Medium | 2026-01-22 |
| CVE-2025-13335 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab — GitLab | CWE-835 | 6.5 | Medium | 2026-01-22 |
| CVE-2025-11224 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 7.7 | High | 2026-01-14 |
| CVE-2025-3950 | Exposure of Private Personal Information to an Unauthorized Actor in GitLab — GitLab | CWE-359 | 3.5 | Low | 2026-01-09 |
| CVE-2025-9222 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2026-01-09 |
| CVE-2025-10569 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2026-01-09 |
| CVE-2025-11246 | Insufficient Granularity of Access Control in GitLab — GitLab | CWE-1220 | 5.4 | Medium | 2026-01-09 |
| CVE-2025-13772 | Missing Authorization in GitLab — GitLab | CWE-862 | 7.1 | High | 2026-01-09 |
| CVE-2025-13761 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.0 | High | 2026-01-09 |
| CVE-2025-13781 | Missing Authorization in GitLab — GitLab | CWE-862 | 6.5 | Medium | 2026-01-09 |
| CVE-2025-12029 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.0 | High | 2025-12-11 |
| CVE-2025-12734 | Improper Encoding or Escaping of Output in GitLab — GitLab | CWE-116 | 3.5 | Low | 2025-12-11 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.