
GitLab — Vulnerabilities & Security Advisories (1012)

Browse all 1012 CVE security advisories affecting GitLab. AI-powered Chinese analysis, POCs, and references for each vulnerability.

GitLab operates as a comprehensive DevOps platform, providing version control, continuous integration, and deployment capabilities primarily for software development teams. With over one thousand recorded CVEs, the software has historically been susceptible to critical vulnerability classes, including remote code execution, cross-site scripting, and privilege escalation attacks. These flaws often stem from complex integrations and API endpoints, allowing attackers to bypass authentication or execute arbitrary commands on affected servers. Notable incidents have included unauthorized access to private repositories and data exfiltration due to improper access controls. The high volume of vulnerabilities reflects the platform’s extensive feature set and frequent updates, necessitating rigorous patch management. Security assessments consistently highlight the importance of configuring secure defaults and monitoring for known exploit patterns to mitigate risks associated with its broad attack surface.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-9773 | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab | GitLab | CWE-77 | 3.7 | Low | 2025-03-27 |
| CVE-2025-0811 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | GitLab | CWE-79 | 8.7 | High | 2025-03-27 |
| CVE-2025-2242 | Incorrect Authorization in GitLab | GitLab | CWE-863 | 7.5 | High | 2025-03-27 |
| CVE-2025-2255 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | GitLab | CWE-79 | 8.7 | High | 2025-03-27 |
| CVE-2024-7296 | Incorrect Authorization in GitLab | GitLab | CWE-863 | 2.7 | Low | 2025-03-13 |
| CVE-2025-1257 | Allocation of Resources Without Limits or Throttling in GitLab | GitLab | CWE-770 | 6.5 | Medium | 2025-03-13 |
| CVE-2024-8402 | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab | GitLab | CWE-77 | 3.7 | Low | 2025-03-13 |
| CVE-2024-12380 | Generation of Error Message Containing Sensitive Information in GitLab | GitLab | CWE-209 | 4.4 | Medium | 2025-03-13 |
| CVE-2024-13054 | Allocation of Resources Without Limits or Throttling in GitLab | GitLab | CWE-770 | 6.5 | Medium | 2025-03-13 |
| CVE-2025-0652 | Incorrect Authorization in GitLab | GitLab | CWE-863 | 4.3 | Medium | 2025-03-13 |
| CVE-2025-2045 | Incorrect Authorization in GitLab | GitLab | CWE-863 | 4.3 | Medium | 2025-03-06 |
| CVE-2025-1540 | Incorrect Authorization in GitLab | GitLab | CWE-863 | 3.1 | Low | 2025-03-06 |
| CVE-2025-0555 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | GitLab | CWE-79 | 7.7 | High | 2025-03-03 |
| CVE-2024-10925 | Authorization Bypass Through User-Controlled Key in GitLab | GitLab | CWE-639 | 5.3 | Medium | 2025-03-03 |
| CVE-2025-0475 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | GitLab | CWE-79 | 8.7 | High | 2025-03-03 |
| CVE-2024-8186 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | GitLab | CWE-79 | 5.4 | Medium | 2025-03-03 |
| CVE-2024-3303 | Improper Neutralization of Input Used for LLM Prompting in GitLab | GitLab | CWE-1427 | 6.4 | Medium | 2025-02-13 |
| CVE-2025-1198 | Insufficient Session Expiration in GitLab | GitLab | CWE-613 | 4.2 | Medium | 2025-02-13 |
| CVE-2024-7102 | Execution with Unnecessary Privileges in GitLab | GitLab | CWE-250 | 9.6 | Critical | 2025-02-13 |
| CVE-2024-8266 | Execution with Unnecessary Privileges in GitLab | GitLab | CWE-250 | 4.4 | Medium | 2025-02-13 |
| CVE-2024-9870 | Unintended Proxy or Intermediary ('Confused Deputy') in GitLab | GitLab | CWE-441 | 4.3 | Medium | 2025-02-12 |
| CVE-2025-0516 | Incorrect Authorization in GitLab | GitLab | CWE-863 | 4.3 | Medium | 2025-02-12 |
| CVE-2024-12379 | Allocation of Resources Without Limits or Throttling in GitLab | GitLab | CWE-770 | 6.5 | Medium | 2025-02-12 |
| CVE-2025-0376 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab | GitLab | CWE-79 | 8.7 | High | 2025-02-12 |
| CVE-2025-1212 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab | GitLab | CWE-497 | 4.3 | Medium | 2025-02-12 |
| CVE-2025-1042 | Files or Directories Accessible to External Parties in GitLab | GitLab | CWE-552 | 4.9 | Medium | 2025-02-12 |
| CVE-2024-10383 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork | GitLab VSCode Fork | CWE-79 | 8.7 | High | 2025-02-07 |
| CVE-2025-1072 | Allocation of Resources Without Limits or Throttling in GitLab | GitLab | CWE-770 | 6.5 | Medium | 2025-02-07 |
| CVE-2024-2878 | Allocation of Resources Without Limits or Throttling in GitLab | GitLab | CWE-770 | 7.5 | High | 2025-02-05 |
| CVE-2024-3976 | Missing Authorization in GitLab | GitLab | CWE-862 | 6.5 | Medium | 2025-02-05 |

This page lists every published CVE security advisory associated with GitLab. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.