VYPR

Bitnami package

gitlab

pkg:bitnami/gitlab

Vulnerabilities (1,073)

  • CVE-2025-14103Feb 25, 2026
    affected >= 17.7.0, < 18.7.5fixed 18.7.5

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certa

  • CVE-2025-7659Feb 11, 2026
    affected >= 18.2.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web ID

  • CVE-2025-8099Feb 11, 2026
    affected >= 10.8.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

  • CVE-2025-12073Feb 11, 2026
    affected >= 18.0.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by b

  • CVE-2025-14560Feb 11, 2026
    affected >= 17.1.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting

  • CVE-2025-14594Feb 11, 2026
    affected >= 17.11.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline values by querying the API.

  • CVE-2025-14592Feb 11, 2026
    affected >= 18.6.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations thr

  • CVE-2026-0595Feb 11, 2026
    affected >= 13.9.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML in

  • CVE-2026-0958Feb 11, 2026
    affected >= 18.4.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middl

  • CVE-2026-1094Feb 11, 2026
    affected >= 18.8.0, < 18.8.4fixed 18.8.4

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.

  • CVE-2026-1282Feb 11, 2026
    affected >= 18.6.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles.

  • CVE-2026-1456Feb 11, 2026
    affected >= 18.7.0, < 18.7.4fixed 18.7.4

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger expo

  • CVE-2026-1458Feb 11, 2026
    affected >= 8.0.0, < 18.6.6fixed 18.6.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files.

  • CVE-2026-1751Feb 2, 2026
    affected >= 16.8.0, < 18.5.0fixed 18.5.0

    A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions.

  • CVE-2025-13928Jan 22, 2026
    affected >= 17.7.0, < 18.6.4fixed 18.6.4

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API

  • CVE-2025-13927Jan 22, 2026
    affected >= 11.9.0, < 18.6.4fixed 18.6.4

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authenticat

  • CVE-2026-0723Jan 22, 2026
    affected >= 18.6.0, < 18.6.4fixed 18.6.4

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting fo

  • CVE-2026-1102Jan 22, 2026
    affected >= 12.3.0, < 18.6.4fixed 18.6.4

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication reque

  • CVE-2025-13335Jan 22, 2026
    affected >= 17.1.0, < 18.6.4fixed 18.6.4

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wik

  • CVE-2025-11224Jan 14, 2026
    affected >= 15.10.0, < 18.3.6fixed 18.3.6

    GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes prox

Page 6 of 54