Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how gitlab compares to other vendors in security performance

View Risk Score →

GitLab GitLab 19.0End of life details

EOL
Aug 20, 2026
Support Ends
Jun 18, 2026
First published (updated )
EOL-gitlab-19.0

GitLab GitLabImproper Control of Generation of Code ('Code Injection') in GitLab

Risk 34
Severity
5.4
First published (updated )
CVE-2025-12669

GitLab GitLabAuthorization Bypass Through User-Controlled Key in GitLab

Risk 22
Severity
4.3
First published (updated )
CVE-2025-13874

GitLab GitLabImproper Validation of Specified Quantity in Input in GitLab

Risk 43
Severity
7.5
First published (updated )
CVE-2025-14869

GitLab GitLabAllocation of Resources Without Limits or Throttling in GitLab

Risk 43
Severity
7.5
First published (updated )
CVE-2025-14870
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

GitLab GitLabDeserialization of Untrusted Data in GitLab

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1184

GitLab GitLabBusiness Logic Errors in GitLab

Risk 60
Severity
8.1
First published (updated )
CVE-2026-1322

GitLab GitLabAuthorization Bypass Through User-Controlled Key in GitLab

Risk 22
Severity
4.3
First published (updated )
CVE-2026-1338

GitLab GitLabAllocation of Resources Without Limits or Throttling in GitLab

Risk 43
Severity
7.5
First published (updated )
CVE-2026-1659

GitLab GitLabMissing Authorization in GitLab

Risk 16
Severity
2.7
First published (updated )
CVE-2026-2900
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

GitLab GitLabAuthorization Bypass Through User-Controlled Key in GitLab

Risk 22
Severity
4.3
First published (updated )
CVE-2026-3073

GitLab GitLabAuthorization Bypass Through User-Controlled Key in GitLab

Risk 22
Severity
4.3
First published (updated )
CVE-2026-3074

GitLab GitLabUnintended Proxy or Intermediary ('Confused Deputy') in GitLab

Risk 30
Severity
5.8
First published (updated )
CVE-2026-3160

GitLab GitLabAccess Control Check Implemented After Asset is Accessed in GitLab

Risk 22
Severity
4.3
First published (updated )
CVE-2026-3607

GitLab GitLabAuthentication Bypass Using an Alternate Path or Channel in GitLab

Risk 38
Severity
6.5
First published (updated )
CVE-2026-4524
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

GitLab GitLabCross-Site Request Forgery (CSRF) in GitLab

Risk 37
Severity
6.5
First published (updated )
CVE-2026-4527

GitLab GitLabAuthorization Bypass Through User-Controlled Key in GitLab

Risk 22
Severity
4.3
First published (updated )
CVE-2026-6063

GitLab GitLabImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Risk 61
Severity
8.7
First published (updated )
CVE-2026-6073

GitLab GitLabImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Risk 34
Severity
5.4
First published (updated )
CVE-2026-6335

GitLab GitLabMissing Authorization in GitLab

Risk 16
Severity
4.3
EPSS
0.01%
First published (updated )
CVE-2026-6883
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

GitLab GitLabImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Risk 45
Severity
8.7
EPSS
0.06%
First published (updated )
CVE-2026-7377

GitLab GitLabServer-Side Request Forgery (SSRF) in GitLab

Risk 14
Severity
3.5
EPSS
0.01%
First published (updated )
CVE-2026-7471

GitLab GitLabImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Risk 45
Severity
8.7
EPSS
0.05%
First published (updated )
CVE-2026-7481

GitLab GitLabAllocation of Resources Without Limits or Throttling in GitLab

Risk 27
Severity
6.5
EPSS
0.06%
First published (updated )
CVE-2026-8280

GitLab GitLabMissing Authorization in GitLab

Risk 16
Severity
4.3
EPSS
0.01%
First published (updated )
CVE-2026-8144
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

GitLab GitLabImproper Restriction of Rendered UI Layers or Frames issue in Mermaid sandbox impacts GitLab CE/EE

Risk 19
Severity
3.5
First published (updated )
CVE-2026-3254

GitLab GitLabCross-Site Request Forgery issue in GraphQL API impacts GitLab CE/EE

Risk 59
Severity
8.1
First published (updated )
CVE-2026-4922

GitLab GitLabDenial of Service issue in discussions endpoint impacts GitLab CE/EE

Risk 38
Severity
6.5
First published (updated )
CVE-2025-0186

GitLab GitLabDenial of Service issue in GraphQL API impacts GitLab CE/EE

Risk 38
Severity
6.5
First published (updated )
CVE-2025-3922

GitLab GitLabDenial of Service issue in notes endpoint impacts GitLab CE/EE

Risk 38
Severity
6.5
First published (updated )
CVE-2025-6016
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203