Developer Tools

In GitLab CE/EE versions from 2.1.0 up to and including 17.10.7, 17.11.0 to 17.11.3 and 18.0.0 to 18.0.1 a medium severity vulnerability CVE-2025-5996 was detected. This vulnerability allows authenticated attackers to cause a denial of service due to insufficient input validation in HTTP responses. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5996.

In GitLab EE versions from 12.0 up to and including 17.10.7, 17.11.0 to 17.11.3 and 18.0.0 to 18.0.1 a low severity vulnerability CVE-2025-5982 was detected. This vulnerability allows attackers to bypass IP access restrictions and view sensitive information under certain conditions. To address this issue, users should upgrade GitLab EE to versions 17.10.8, 17.11.4 or 18.0.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5982.

In GitLab CE/EE versions from 17.9 up to and including 17.10.6, 17.11.0 to 17.11.2 and 18.0.0 a medium severity vulnerability CVE-2025-5195 was detected. This vulnerability allows authenticated users to access arbitrary compliance frameworks, leading to unauthorized data disclosure. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3 or 18.0.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5195.

In GitLab CE/EE versions starting from 18.0 before 18.0.2 a high severity vulnerability CVE-2025-4278 was detected. This vulnerability allows attackers to perform HTML injection in the new search page, which under certain conditions could lead to account takeover. To address this issue, users should upgrade GitLab CE/EE to version 18.0.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4278.

In Argo CD versions prior to 2.13.8, 2.14.13 and 3.0.4 a critical severity vulnerability CVE-2025-47933 was detected. This vulnerability allows attackers with repository edit permissions to perform arbitrary actions on behalf of victims through a cross-site scripting (XSS) flaw caused by improper filtering of URL protocols on the repository page. To address this issue, users should upgrade Argo CD to versions 2.13.8, 2.14.13, 3.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47933.

In GitLab EE versions from 16.6 before 17.9.7, 17.10 before 17.10.5 and 17.11 before 17.11.1 a high severity vulnerability CVE-2025-1763 was detected. This vulnerability allows attackers to perform cross-site scripting (XSS) attacks and bypass content security policies in a user’s browser under specific conditions. To address this issue, users should upgrade GitLab EE to versions 17.9.7, 17.10.5, 17.11.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1763.

In GitLab CE/EE versions from 17.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-0679 was detected. This issue allows unauthorized users to view full email addresses that should be partially obscured under certain conditions. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0679.

In GitLab CE/EE versions from 16.8 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2025-0605 was detected. This issue allows certain users to bypass two-factor authentication requirements due to improper group access controls. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0605.

In GitLab CE/EE versions from 11.1 before 17.10.7, 17.11 before 17.11.3 and 18.0 before 18.0.1 a medium severity vulnerability CVE-2024-12093 was detected. This issue allows a modified SAML response to bypass two-factor authentication requirements under specific conditions due to improper XPath validation. To address this issue, users should upgrade GitLab CE/EE to versions 17.10.7, 17.11.3, 18.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12093.