GitLab — Vulnerabilities & Security Advisories (1012)

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-10004 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 7.5 | High | 2025-10-09 |
| CVE-2025-11340 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 7.7 | High | 2025-10-09 |
| CVE-2025-2934 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 4.3 | Medium | 2025-10-09 |
| CVE-2025-8014 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 7.5 | High | 2025-09-27 |
| CVE-2025-11042 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 4.3 | Medium | 2025-09-26 |
| CVE-2025-5069 | Incorrect Ownership Assignment in GitLab — GitLab | CWE-708 | 3.5 | Low | 2025-09-26 |
| CVE-2025-10868 | Business Logic Errors in GitLab — GitLab | CWE-840 | 3.5 | Low | 2025-09-26 |
| CVE-2025-7691 | Privilege Defined With Unsafe Actions in GitLab — GitLab | CWE-267 | 6.5 | Medium | 2025-09-26 |
| CVE-2025-9642 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2025-09-26 |
| CVE-2025-9958 | Insertion of Sensitive Information Into Sent Data in GitLab — GitLab | CWE-201 | 7.7 | High | 2025-09-26 |
| CVE-2025-10858 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 7.5 | High | 2025-09-26 |
| CVE-2025-10867 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 3.5 | Low | 2025-09-26 |
| CVE-2025-10871 | Missing Authorization in GitLab — GitLab | CWE-862 | 3.8 | Low | 2025-09-26 |
| CVE-2025-1250 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-09-12 |
| CVE-2025-2256 | Improper Validation of Specified Quantity in Input in GitLab — GitLab | CWE-1284 | 7.5 | High | 2025-09-12 |
| CVE-2025-6454 | Server-Side Request Forgery (SSRF) in GitLab — GitLab | CWE-918 | 8.5 | High | 2025-09-12 |
| CVE-2025-6769 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab — GitLab | CWE-497 | 4.3 | Medium | 2025-09-12 |
| CVE-2025-7337 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-09-12 |
| CVE-2025-10094 | Improper Validation of Specified Quantity in Input in GitLab — GitLab | CWE-1284 | 6.5 | Medium | 2025-09-12 |
| CVE-2025-2246 | Missing Authorization in GitLab — GitLab | CWE-862 | 5.8 | Medium | 2025-08-27 |
| CVE-2025-3601 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-08-27 |
| CVE-2025-4225 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 5.3 | Medium | 2025-08-27 |
| CVE-2025-5101 | Improper Control of Generation of Code ('Code Injection') in GitLab — GitLab | CWE-94 | 5.0 | Medium | 2025-08-27 |
| CVE-2024-10219 | Incorrect Authorization in GitLab — GitLab | CWE-863 | 6.5 | Medium | 2025-08-13 |
| CVE-2024-12303 | Incorrect Privilege Assignment in GitLab — GitLab | CWE-266 | 6.7 | Medium | 2025-08-13 |
| CVE-2025-1477 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-08-13 |
| CVE-2025-2498 | Insufficient Granularity of Access Control in GitLab — GitLab | CWE-1220 | 3.1 | Low | 2025-08-13 |
| CVE-2025-2614 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-08-13 |
| CVE-2025-2937 | Inefficient Regular Expression Complexity in GitLab — GitLab | CWE-1333 | 6.5 | Medium | 2025-08-13 |
| CVE-2025-5819 | Incorrect Permission Assignment for Critical Resource in GitLab — GitLab | CWE-732 | 5.0 | Medium | 2025-08-13 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.