GitLab — Vulnerabilities & Security Advisories 1012

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-1478 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-1516 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-2254 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2025-06-12 |
| CVE-2025-4278 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab — GitLab | CWE-80 | 8.7 | High | 2025-06-12 |
| CVE-2025-5996 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-06-12 |
| CVE-2025-1763 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | CWE-79 | 8.7 | High | 2025-05-30 |
| CVE-2024-7803 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-05-23 |
| CVE-2024-9163 | User Interface (UI) Misrepresentation of Critical Information in GitLab — GitLab | CWE-451 | 3.5 | Low | 2025-05-23 |
| CVE-2024-12093 | Improper Validation of Consistency within Input in GitLab — GitLab | CWE-1288 | 6.8 | Medium | 2025-05-22 |
| CVE-2025-0605 | Weak Authentication in GitLab — GitLab | CWE-1390 | 4.6 | Medium | 2025-05-22 |
| CVE-2025-0679 | Exposure of Private Personal Information to an Unauthorized Actor in GitLab — GitLab | CWE-359 | 4.3 | Medium | 2025-05-22 |
| CVE-2025-0993 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 7.5 | High | 2025-05-22 |
| CVE-2025-1110 | Insufficient Granularity of Access Control in GitLab — GitLab | CWE-1220 | 2.7 | Low | 2025-05-22 |
| CVE-2025-2853 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-05-22 |
| CVE-2025-3111 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-05-22 |
| CVE-2025-4979 | Insufficient Granularity of Access Control in GitLab — GitLab | CWE-1220 | 4.9 | Medium | 2025-05-22 |
| CVE-2024-8973 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-05-09 |
| CVE-2025-0549 | Authentication Bypass Using an Alternate Path or Channel in GitLab — GitLab | CWE-288 | 6.8 | Medium | 2025-05-09 |
| CVE-2025-1278 | Insufficient Granularity of Access Control in GitLab — GitLab | CWE-1220 | 5.3 | Medium | 2025-05-09 |
| CVE-2024-12244 | Missing Authorization in GitLab — GitLab | CWE-862 | 4.3 | Medium | 2025-04-24 |
| CVE-2025-0639 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-04-24 |
| CVE-2025-1908 | Business Logic Errors in GitLab — GitLab | CWE-840 | 7.7 | High | 2025-04-24 |
| CVE-2025-0362 | Improper Restriction of Rendered UI Layers or Frames in GitLab — GitLab | CWE-1021 | 6.4 | Medium | 2025-04-10 |
| CVE-2025-2469 | Debug Messages Revealing Unnecessary Information in GitLab — GitLab | CWE-1295 | 3.7 | Low | 2025-04-10 |
| CVE-2024-11129 | Generation of Error Message Containing Sensitive Information in GitLab — GitLab | CWE-209 | 6.3 | Medium | 2025-04-10 |
| CVE-2025-1677 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 6.5 | Medium | 2025-04-10 |
| CVE-2025-2408 | Insufficient Granularity of Access Control in GitLab — GitLab | CWE-1220 | 5.3 | Medium | 2025-04-10 |
| CVE-2024-10307 | Allocation of Resources Without Limits or Throttling in GitLab — GitLab | CWE-770 | 4.3 | Medium | 2025-03-28 |
| CVE-2024-12619 | Insufficient Granularity of Access Control in GitLab — GitLab | CWE-1220 | 5.2 | Medium | 2025-03-28 |
| CVE-2025-2867 | Improper Control of Generation of Code ('Code Injection') in GitLab — GitLab | CWE-94 | 4.4 | Medium | 2025-03-27 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.