T
TraceWithin

Gitlab Vulnerabilities

Comprehensive security vulnerability database for Gitlab products

Last updated: Mar 11, 2026
Total CVEs

4

Critical

1

With Exploits

7

Last 30 Days

6

Severity Distribution

Critical1
25%
High2
50%
Medium4
100%
Low0
0%
AllCriticalHighMediumLow
DescriptionVendor / ProductExploit Status
CVE-2026-06024.3

An attacker with an authenticated account could potentially access sensitive metadata from private issues, merge requests, and other project elements due to a flaw in how GitLab handles snippets. This issue affects specific versions of GitLab and occurs under certain conditions when rendering snippets.

gitlabgitlab
Exploit Available
27 days agoMar 11, 2026
CVE-2025-136906.5

This vulnerability allows an authenticated user to crash the GitLab server, leading to a denial of service, by sending specially crafted webhook header names. It affects specific versions of GitLab and requires the attacker to have access to an account on the system.

gitlabgitlab
Exploit Available
27 days agoMar 11, 2026
CVE-2025-127044.3

An attacker could access sensitive Virtual Registry data from groups they don't belong to if they were already logged into GitLab, due to a flaw in the system's authorization checks. This issue affects specific versions of GitLab and requires the attacker to be an authenticated user.

gitlabgitlab
Exploit Available
27 days agoMar 11, 2026
CVE-2025-126974.4

This vulnerability allows an attacker with maintainer permissions to potentially expose sensitive Datadog API credentials. It only affects specific versions of GitLab and requires the attacker to be logged in as a maintainer to exploit the issue.

gitlabgitlab
Exploit Available
27 days agoMar 11, 2026

About Gitlab Security

This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Gitlab products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.

Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.