In GitLab EE versions 16.6 prior to 16.7.6, 17.8 prior to 17.8.4 and 17.9 prior to 17.9.1 a high severity vulnerability CVE-2025-0555 was detected. This vulnerability allows attackers to bypass security controls and execute arbitrary scripts in a user’s browser under specific conditions. To address this issue, users should upgrade GitLab EE to versions 17.9.1, 17.8.4 or 17.7.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0555.
Read more Developer ToolsIn GitLab CE/EE versions 15.10 prior to 17.7.6, 17.8 prior to 17.8.4 and 17.9 prior to 17.9.1 a high severity vulnerability CVE-2025-0475 was detected. This vulnerability allows attackers to exploit the proxy feature, potentially leading to unintended content rendering and cross-site scripting (XSS) under specific circumstances. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.1, 17.8.4 or 17.7.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0475.
Read more Developer ToolsIn GitLab EE versions 16.2 prior to 17.7.6, 17.8 prior to 17.8.4 and 17.9 prior to 17.9.1 a medium severity vulnerability CVE-2024-10925 was detected. This vulnerability allows attackers to access and view sensitive security configurations in the system. To fix this issue, users should upgrade GitLab EE to versions 17.7.6, 17.8.4 or 17.9.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10925.
Read more Developer ToolsIn GitLab CE/EE versions 16.6 before 17.7.6, 17.8 before 17.8.4 and 17.9 before 17.9.1 a medium severity vulnerability CVE-2024-8186 was detected. This vulnerability allows attackers to inject HTML into the child item search, potentially leading to cross-site scripting (XSS) in certain situations. To address this issue, users should upgrade GitLab CE/EE to versions 17.9.1, 17.8.4 or 17.7.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8186.
Read more Developer ToolsIn GitLab EE versions 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 a medium severity vulnerability CVE-2025-1042 was detected. This vulnerability allows attackers to view repositories in an unauthorized way due to an insecure direct object reference. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1042.
Read more Developer ToolsIn GitLab CE/EE versions 16.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 a medium severity vulnerability CVE-2025-1198 was detected. This vulnerability allows revoked Personal Access Tokens to maintain access to streaming results due to long-lived connections in ActionCable. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1198.
Read more Developer ToolsIn GitLab CE/EE versions 8.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 a medium severity vulnerability CVE-2025-1212 was detected. This vulnerability allows attackers to send crafted requests to a backend server to reveal sensitive information. To address this issue, users should upgrade GitLab CE/EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1212.
Read more Developer ToolsIn GitLab EE versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2 a medium severity vulnerability CVE-2024-3303 was detected. This vulnerability allows attackers to exfiltrate the contents of a private issue using prompt injection. To address this issue, users should upgrade GitLab EE to versions 17.8.2, 17.7.4, 17.6.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-3303.
Read more Developer ToolsIn GitLab CE/EE versions starting from 16.4 prior to 17.5.0 a critical severity vulnerability CVE-2024-7102 was detected. This vulnerability allows attackers to trigger a pipeline as another user under certain circumstances. Currently, there is no fix version for that issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7102.
Read more Developer Tools