Developer Tools

In GitLab CE/EE versions from 17.11 before 17.11.4 and 18.0 before 18.0.2 a high severity vulnerability CVE-2025-5121 was detected. This vulnerability allows attackers to apply compliance frameworks to projects outside of the intended compliance framework’s group due to a missing authorization check. To address this issue, users should upgrade GitLab CE/EE to versions 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5121.

In GitLab EE versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1 a high severity vulnerability CVE-2025-2443 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks and bypass content security policy (CSP) protections in the user’s browser under specific conditions. To address this issue, users should upgrade GitLab EE to versions 17.9.7, 17.10.5 or 17.11.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2443.

In GitLab EE versions from 17.0 prior to 17.0.6, 17.1 prior to 17.1.4 and 17.2 prior to 17.2.2 a medium severity vulnerability CVE-2024-7586 was detected. This vulnerability allows authentication credentials to be preserved in the audit logs when webhooks are deleted, potentially exposing sensitive information. To address this issue, users should upgrade GitLab EE to versions 17.0.6, 17.1.4 or 17.2.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7586.

In GitLab CE/EE versions from 16.1.0 before 16.11.5, 17.0 before 17.0.3 and 17.1.0 before 17.1.1 a high severity vulnerability CVE-2024-4994 was detected. This vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against GitLab’s GraphQL API, enabling the execution of arbitrary GraphQL mutations. To address this issue, users should upgrade GitLab CE/EE to versions 16.11.5, 17.0.3 or 17.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4994.

In GitLab CE/EE versions from 7.10 before 16.11.5, 17.0 before 17.0.3 and 17.1 before 17.1.1 a medium severity vulnerability CVE-2024-4025 was detected. This vulnerability allows attackers to trigger a Denial of Service (DoS) condition by using a crafted markdown page. To address this issue, users should upgrade GitLab CE/EE to versions 16.11.5, 17.0.3 or 17.1.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-4025.

In Portainer Community Edition versions prior to STS 2.31.0 and LTS 2.27.7 a medium severity vulnerability CVE-2025-49593 was detected. This vulnerability allows HTTP headers – including registry authentication credentials or Portainer session tokens – to be leaked if a Portainer administrator registers a malicious container registry or if an existing registry is compromised. To address this issue, users should upgrade Portainer CE or BE version 2.31.0 or later for STS, or version 2.27.7 or later for LTS. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49593.

In GitLab CE/EE versions from 8.7 before 17.10.8, 17.11 before 17.11.4 and 18.0 before 18.0.2 a medium severity vulnerability CVE-2025-1516 was detected. This vulnerability allows attackers to trigger a denial of service due to improper input validation in token names. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1516.

In GitLab CE/EE versions from 8.13 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-1478 was detected. This vulnerability allows attackers to trigger a denial of service due to lack of input validation in board names. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3 or 18.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1478.

In GitLab CE/EE versions from 17.7 before 17.10.8, 17.11 before 17.11.4 and 18.0 before 18.0.2 a high severity vulnerability CVE-2025-0673 was detected. This vulnerability allows attackers to trigger an infinite redirect loop, potentially leading to a denial of service condition. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0673.