Shodan
Vulnerabilities
Vulnerable Software
Gitlab:  >> Gitlab  >> 17.11.1  Security Vulnerabilities
CVE-2025-5996
An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-06-12
CVE-2025-1516
An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-12
CVE-2025-2254
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-06-12
CVE-2025-1478
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-12
CVE-2024-9163
A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-05-23
CVE-2024-7803
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-23
CVE-2025-0679
An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-22
CVE-2025-0993
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-05-22
CVE-2024-12093
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-05-22
CVE-2025-0605
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-05-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved